
Help!! Does anyone Know how to block DDOS ATTACKS

bgc341

Hi guys, I need some help trying to block this DoS attack I've been getting repeatedly every day, and my ISP won't do anything about it. What can I do to stop it? It has been causing all my devices to crash.

Here is the log I got from the router log.

 

 

 

Description Count Last Occurrence Target Source
[DoS attack: Ping Of Death] from 10.0.43.64, port 0 3 Wed Jul 26 15:45:27 2017 16.163.235.167:0 10.0.43.64:0
[DoS attack: Illegal Fragments] from 10.0.43.64, port 0 1 Wed Jul 26 14:15:45 2017 16.163.235.167:0 10.0.43.64:0
[DoS attack: Ping Of Death] from 10.0.43.64, port 0 3 Wed Jul 26 13:53:06 2017 16.163.235.167:0 10.0.43.64:0
[DoS attack: Illegal Fragments] from 10.0.43.64, port 0 1 Wed Jul 26 12:52:39 2017 16.163.235.167:0 10.0.43.64:0
[DoS attack: Ping Of Death] from 10.0.43.64, port 0 4 Wed Jul 26 12:40:01 2017 16.163.235.167:0 10.0.43.64:0
[DoS attack: Teardrop or derivative] from 10.0.43.64, port 0 3 Wed Jul 26 12:26:40 2017 16.163.235.167:0 10.0.43.64:0
[DoS attack: Illegal Fragments] from 10.0.43.64, port 0 1 Wed Jul 26 12:26:36 2017 16.163.235.167:0 10.0.43.64:0
[DoS attack: Teardrop or derivative] from 10.0.43.64, port 0 1 Wed Jul 26 09:58:25 2017 16.163.235.167:0 10.0.43.64:0
[DoS attack: Ping Of Death] from 10.0.43.64, port 0 1 Wed Jul 26 05:39:56 2017 16.163.235.167:0 10.0.43.64:0
[DoS attack: Illegal Fragments] from 10.0.43.64, port 0 1 Wed Jul 26 03:29:37 2017 16.163.235.167:0 10.0.43.64:0
[DoS attack: Teardrop or derivative] from 10.0.43.64, port 0 5 Wed Jul 26 02:23:33 2017 16.163.235.167:0 10.0.43.64:0
[DoS attack: Illegal Fragments] from 10.0.43.64, port 0 1 Wed Jul 26 02:19:12 2017 16.163.235.167:0 10.0.43.64:0
[DoS attack: Teardrop or derivative] from 10.0.43.64, port 0 1 Wed Jul 26 02:19:12 2017 16.163.235.167:0 10.0.43.64:0
[DoS attack: Illegal Fragments] from 10.0.43.64, port 0 1 Wed Jul 26 02:19:11 2017 16.163.235.167:0 10.0.43.64:0
[DoS attack: Teardrop or derivative] from 10.0.43.64, port 0 4 Wed Jul 26 02:19:11 2017 16.163.235.167:0 10.0.43.64:0
[DoS attack: Illegal Fragments] from 10.0.43.64, port 0 1 Wed Jul 26 02:19:11 2017 16.163.235.167:0 10.0.43.64:0
[DoS attack: Teardrop or derivative] from 10.0.43.64, port 0 1 Wed Jul 26 02:19:11 2017 16.163.235.167:0 10.0.43.64:0
[DoS attack: Ping Of Death] from 10.0.43.64, port 0 1 Wed Jul 26 02:19:11 2017 16.163.235.167:0 10.0.43.64:0
[DoS attack: Teardrop or derivative] from 10.0.43.64, port 0 15 Wed Jul 26 02:19:11 2017 16.163.235.167:0 10.0.43.64:0
Who's your provider?

 

If it's a volumetric attack, it can't be stopped on your end. Period. 


Just now, Mornincupofhate said:

Who's your provider?

 

If it's a volumetric attack, it can't be stopped on your end. Period. 

comcast


1 minute ago, iamdarkyoshi said:

Well posting your IP address isn't helping matters

That's not my IP address, that's the attacker's IP.

All of these reports say " from 10.0.43.64 " - that IP is not a public IP, therefore this is coming from something in your LAN.

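An added example, not part of any post in this thread: a small parser for router log rows in the format shown in the opening post, which totals events per attack label and classifies the Source and Target columns as private or public address space. The row layout is inferred from the posted log and assumed to be IPv4 only; the function names are illustrative.

```python
import ipaddress
import re
from collections import Counter

# Four rows taken from the router log posted in the thread. Column order as in
# the log header: Description, Count, Last Occurrence, Target, Source.
SAMPLE_LOG = """\
[DoS attack: Ping Of Death] from 10.0.43.64, port 0 3 Wed Jul 26 15:45:27 2017 16.163.235.167:0 10.0.43.64:0
[DoS attack: Illegal Fragments] from 10.0.43.64, port 0 1 Wed Jul 26 14:15:45 2017 16.163.235.167:0 10.0.43.64:0
[DoS attack: Teardrop or derivative] from 10.0.43.64, port 0 3 Wed Jul 26 12:26:40 2017 16.163.235.167:0 10.0.43.64:0
[DoS attack: Teardrop or derivative] from 10.0.43.64, port 0 15 Wed Jul 26 02:19:11 2017 16.163.235.167:0 10.0.43.64:0
"""

# Assumed row layout (IPv4 only), inferred from the rows above.
ROW = re.compile(
    r"\[DoS attack: (?P<kind>[^\]]+)\] from [\d.]+, port \d+ "
    r"(?P<count>\d+) (?P<when>\w{3} \w{3} +\d{1,2} [\d:]{8} \d{4}) "
    r"(?P<target>[\d.]+):\d+ (?P<source>[\d.]+):\d+$"
)

def scope(addr):
    """Return 'private' for non-routable space such as 10.0.0.0/8, else 'public'."""
    return "private" if ipaddress.ip_address(addr).is_private else "public"

def parse_log(text):
    """Parse router log rows into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            entries.append({**m.groupdict(), "count": int(m["count"])})
    return entries

def summarize(entries):
    """Total events per attack label and classify each source/target address."""
    per_kind = Counter()
    sources, targets = set(), set()
    for e in entries:
        per_kind[e["kind"]] += e["count"]
        sources.add((e["source"], scope(e["source"])))
        targets.add((e["target"], scope(e["target"])))
    # True when every logged source is in private (not Internet-routable) space.
    all_private = bool(sources) and all(s == "private" for _, s in sources)
    return {"per_kind": dict(per_kind), "sources": sources,
            "targets": targets, "source_is_private": all_private}

if __name__ == "__main__":
    print(summarize(parse_log(SAMPLE_LOG)))
```

On the sample rows the only source is 10.0.43.64 (private) and the only target is 16.163.235.167 (public), which is the mismatch the replies in this thread go on to argue about.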

Just now, bgc341 said:

comcast

Back in the days of ddos I used to be able to hit off entire comcast nodes with one attack. Comcast doesn't care about ddos attacks. 

 

Your best bet is to ask them to change your IP address and get on a VPN whenever you're gaming. Even if they're not capping out your bandwidth, your modem is still going to die with the amount of packets getting sent to it.

 

Disable ICMP if it isn't already disabled.


Just now, brwainer said:

All of these reports say " from 10.0.43.64 " - that IP is not a public IP, therefore this is coming from something in your LAN.

Interesting, that's not one of the assigned IP addresses for my devices.

1 minute ago, Mornincupofhate said:

The attack doesn't look like it's distributed, and in fact, it's coming from only one address. That address is broadband and doesn't seem to be coming from a datacenter. You could probably call up his ISP and report it with the logs.

 

http://whatismyipaddress.com/ip/16.163.235.167

 

Enjoy.

thanks

 


From the logs, it also looks like he has no idea what he's doing. He's trying different attacks that shouldn't be working with most modems (Ping of death)

 

Disable ICMP and block incoming fragmented packets in the firewall when the attack starts and see if that mitigates it.


1 minute ago, Mornincupofhate said:

From the logs, it also looks like he has no idea what he's doing. He's trying different attacks that shouldn't be working with most modems (Ping of death)

 

Disable ICMP and block incoming fragmented packets in the firewall when the attack starts and see if that mitigates it.

I did that but it still gets through.

What confuses me is that your IDS says the attacks are coming from inside your network, and are attacking a location outside your network. If that's the case, then I gave you your own IP address.

 

Comcast really needs to get their shit together.

1 minute ago, bgc341 said:

I did that but it still gets through.

Yeah then there's nothing you can do. Modems aren't at all built to sustain high packet per second attacks.

 

Call up comcast and get a new IP address and pay for a VPN. I use www.privateinternetaccess.com


5 minutes ago, Mornincupofhate said:

The attack doesn't look like it's distributed, and in fact, it's coming from only one address. That address is broadband and doesn't seem to be coming from a datacenter. You could probably call up his ISP and report it with the logs.

 

http://whatismyipaddress.com/ip/16.163.235.167

 

Enjoy.

That's a static IP address to HP.

Either HP has got an infected host, or someone is about to get fired, lol.

 

Only way I can see a 10.x.x.x address attacking OP is if it's within Comcast's internal network which would be pretty sad.

once again.. someone doesn't understand the difference between DoS and DDoS..

this is a DoS attack, blocking this is as easy as blocking/ignoring the host this is coming from.

which.. by the way.. 10.0.0.0 is meant for local usage only, so this shouldn't be coming from out on the interwebz anyways.


Just now, Lurick said:

That's a static IP address to HP.

Either they've got an infected host, or someone is about to get fired, lol.

 

Only way I can see a 10.x.x.x address attacking OP is if it's within Comcast's internal network which would be pretty sad.

Or comcast fucked up while building their IDS. Which is most likely the case.

1 minute ago, manikyath said:

once again.. someone doesn't understand the difference between DoS and DDoS..

this is a DoS attack, blocking this is as easy as blocking/ignoring the host this is coming from.

which.. by the way.. 10.0.0.0 is meant for local usage only, so this shouldn't be coming from out on the interwebz anyways.

Wrong. His modem clearly can't handle the high pps rate that's coming through the line. Therefore, he can't mitigate it.

 

He's already tried denying the packets.


Just now, Mornincupofhate said:

Or comcast fucked up while building their IDS. Which is most likely the case.

Most likely yah, Comcast isn't exactly known for their quality of service :) 


15 minutes ago, bgc341 said:

it has been causing all my devices to crash.

Can you define what you mean by this? Are devices rebooting, or do you just mean that connections stop working?

Just now, Mornincupofhate said:

Wrong. His modem clearly can't handle the high pps rate that's coming through the line. Therefore, he can't mitigate it.

 

He's already tried denying the packets.

still though, how the flip is it coming from the 10.0.0.0 subnet?


Just now, manikyath said:

still though, how the flip is it coming from the 10.0.0.0 subnet?

Spoofed flood.

 

Or as I said earlier, comcast fucked up on their IDS.

Just now, brwainer said:

Can you define what you mean by this? Are devices rebooting, or do you just mean that connections stop working?

and more specifically, which devices.

 

tek sappurt rule 1: when a user says "all devices" there is a severe lack of testing.


18 minutes ago, bgc341 said:

 it has been causing all my devices to crash.

I totally missed this part. What's crashing? Your modem or your actual PC?

Just now, brwainer said:

Can you define what you mean by this? Are devices rebooting, or do you just mean that connections stop working?

They are freezing and crashing. I'm using Comodo and Malwarebytes to try and stop it from reaching my computer and my Android phone, but it still has reached said devices.