
PSA: DDoS and DDoS Prevention

Col_StaR

By Col_StaR, StaticReach, Axanite, Tjdriver, Giggums
With contributions from the staff and community of MCGamer.
Special thanks to Justin / MarcoPolo, whose earlier guide inspired this guide!


Introduction

Have you ever been so angry at a person that you wish you could just punch them? Has that ever occurred online, and you wished you could punch them through your monitor?


Artist’s rendering

Thankfully, no one has invented a device that will allow you to physically assault someone via the internet; my patent is still pending. However, just because you may be safe from physical harm does not mean you cannot be attacked online. With the right tools and a weak set of morals, people can exploit your connection to the internet to cause harm or damage against you. The most common type of such an attack is a DDoS attack.

DDoSing is a rare but very real threat against anyone with an internet connection. This PSA will address the best ways to keep yourself safe from a DDoS Attack.

What is a DDoS?

DDoS stands for Distributed Denial of Service.

If one person uses a DDoS against another person, that is considered a DDoS attack.

In layman’s terms, a Distributed Denial of Service attack is akin to clogging up your internet tubes so much that they fail to function. It’s like a toilet whose pipes are full of toilet paper, or a traffic jam caused by a car accident. The end result is that your internet slows to a crawl, or stops altogether, until the DDoS stops.


The Plumbing Equivalent to DDoSing
The technical definition is much more complicated. It involves a lot of malware-infected computers being hijacked to form a Botnet. This botnet is then directed by the attacker towards the IP address of their target, and the botnet uses the giant number of computers to send a giant number of packets to the IP address. The network handling the IP address can’t handle the hundreds if not thousands of packets being sent every second, and thus the network has all of its internet traffic clogged under a mountain of garbage data packets.

If you’d like to read up more on DoSing or DDoSing, here’s a link to the Wikipedia page: http://en.wikipedia.org/wiki/Denial-of-service_attack

This may sound like a rather advanced attack, perhaps too advanced for a kid who plays Minecraft all day to use. But the truth is that lesser denizens of the internet have made such attacks easier and more common than ever, an unfortunate consequence of the Information Age. Script Kiddies around the world might think of themselves as all-powerful hackers, but the truth is that DDoSing is the equivalent to attacking someone with a wooden 2x4 board: unsophisticated and blunt, but effective against defenseless victims.

Don’t be defenseless against such attacks. It is more important than ever to protect yourself against such attacks.

Why Do People DDoS?

Because people are jerks.

Why do people get into fights? Do some people even need a reason?
Some people will find any excuse to exercise some perception of power over others.

Whether it’s a petty clan rivalry, an argument between individuals, or a campaign of spite against the network itself, people will DDoS for even the most minor of things. It’s rather telling of the character of DDoSers, who would gladly escalate to the equivalent of internet violence and damage in order to settle a disagreement that could easily be solved with a simple discussion. But such attacks have a major parallel with gang violence, hate crime, and police violence: they’re demonstrations of power against those who cannot defend themselves, feeding the ego with the superficial validation that they are in control.

If you should ever find yourself in the presence of someone who takes on such an attitude, it is important that you distance yourself from them. There has been more than one instance where someone befriends a known DDoSer, only to become their victim afterwards.

How Do You Stop a DDoS Attack?

For larger companies, governments, or non-profit organizations that host dedicated servers that are prone to attacks, options exist for them to actively address DDoS attacks. They have network pipelines that are large enough to handle a DDoS attack as if it were natural traffic. They can divert the flow of traffic from one area of the network to another, thus mitigating the attack and lessening its effectiveness. They can have special server-hosting software that aids in DDoS mitigation (Cloudflare is an example of this that we use). They can contact ISPs, devise counter-measures, drop packets from specific domains, and more. They are the biggest targets and they’re attacked the most, but they have the most resources available to stop such attacks.

Unfortunately, households or individuals such as yourself probably do not have access to such active countermeasures, much less the knowledge on how to set them all up. For this reason, it is unlikely that you can “stop” a DDoS attack on your own, and must simply wait it out in the event of one.

Instead, you must learn to prepare against an impending DDoS, diminishing the risk of you being attacked and reducing the amount of damage a DDoS can do should you be attacked. Prevention and Defense tactics are described in the following section.


People prepare for Zombie outbreaks, but why don’t they prepare for DDoS attacks?


Preventing DDoSing

Here are a few topics that will aid you in avoiding a DDoS attack. Note that not every topic is a silver-bullet solution, so it is best to practice as many of these as possible to maximize your safety online.

Keep Good Company - StaticReach

Keeping good company will always be vital to ensuring not only your own safety but the safety of those around you. This logic is evident in modern day society as you can even be penalized for simply watching a friend commit an atrocious crime or action. In fact, the saying “bad company destroys good character” holds true in this sense, for the actions of others online can have a positive or negative consequence when in relation to you. However, keeping good company is not just essential for online safety but can also translate to real life safety from those who have the incentive to go deeper than merely DDoSing you on a one-time basis. But although DDoSers can inflict such pain, there are various ways to marginalize the likelihood of your company turning sour.

To begin with, do not indulge yourself in communicating with users who DDoS. The most frequent cases of DDoS attacks are due to friendships taking a turn for the worse because of minor misunderstandings. In addition to this, it is always best to be selective of your friends, for they can truly become your enemies at any given time. However, there are also situations where you are targeted by these people for no apparent reason; therefore, it’s always best to dismount from affiliation of even the most inconspicuous of DDoSers. So essentially, aim to befriend someone you know is transparent and a person that has no negative ulterior motives.

Secondly, just try not to be a general jerk to people you know. A strong aspect of maintaining good company is the realization of knowing negative actions can result in an even worse consequence for yourself. Chances of DDoS attacks being directed to you as a result of you slandering are very high, for many DDoSers attack for the sake of venting or simply relieving themselves of pending anger. This mentality is evidently wrong; however, it is even more disheartening to know it could have been entirely avoided by simply showing general kindness to the people you communicate with. As an addition to this, it may not have dawned on you, but many of the people you consider close friends tend to have some connections to these activities, so it is highly recommended to watch what you say. Another general rule you can follow is: don’t give them a reason to DDoS you and they won’t. But to summarize, cherish your friendships and don’t allow yourself to succumb to anger.

Thirdly, do not trust everything you hear and be cautious of influence. One of the fundamentals of keeping good company is to not be heavily influenced by the things you see or hear from others. Some might see DDoSing as a joke; however, do not fall into this standard as it causes possible future harm. Continuing on, it is very likely that at one point in your life you have been pressured to do something. If you are in this situation with these types of people, do not disclose your IP address or trust anything stated by people, for anything that is said can be for means of manipulation. As for influence, do not involve yourself with their notorious actions, as DDoSing happens to be illegal throughout the world, therefore putting yourself in an awful situation if found or caught doing so.

Altogether, these points are just a few out of the conglomerate ways of sustaining good company. None of these are bulletproof but I can wholeheartedly assure you that the following of these steps will solidify your security not only online but in real life, for many of these steps assist us on a regular basis. However, you will still need to be wary of DDoSers and must use critical reasoning when faced with such pressing issues. Finally, always be cautious of your surroundings online and don’t do anything you don’t trust.

Dynamic/Static IP - StaticReach

Many people always ponder the difference between Static IPs and Dynamic IPs and how they both affect the outcome of a DDoS attack. To put it in simplistic terms, a Static IP address is an address that is assigned by your ISP and does not have the ability to change without direct intervention from the people who set up your internet connection or yourself. However, a Dynamic IP address is a contrast to a Static IP as it is an IP that assigns a different address whenever it is connected to. Although these are the fundamental differences of the two, the question that has not been answered yet is how these two addresses have the ability to affect the outcome of a DDoS attack.

Static IP

As mentioned above, a Static IP is an address that does not have the ability to change. However, the question that still remains is how this can affect the outcome of a DDoS attack. To begin with, Static IPs are mainly used for big companies and hosting organizations as well as some networks. They do so for they need one main IP that users can join when hosting any type of game or even hosting other computer connections online. In most cases Static IPs are a little bit more prone to DDoS attacks due to having one main address that can be attacked. However, although this is true, most people who use Static IPs tend to have a lot of data/hardware to survive traffic sent from DDoSers. If you are having issues with being DDoSed with a Static IP you must call your provider immediately to have a new address assigned to you. Finally, many of you must be wondering how to tell if you have a Static IP. There are various ways to determine your type of IP; however, I will list two of the most obvious ways of determining a Static IP. Most Static IPs are set up manually and due to this, if you replug your router your IP won’t change. The second method is opening up your cmd and typing ipconfig /all. If DHCP has a no beside it, you have a Static IP.

Dynamic IP

As mentioned above, a Dynamic IP is an IP that has the ability to change and also happens to be the most common IP address for households. Dynamic IPs are primarily used by most regular households for online and real-life security. As you can infer, these addresses are used for this purpose as they have the ability to change, therefore making it significantly difficult for a DDoSer to attack when in comparison with a Static IP. If you do happen to be conflicted by a DDoS attack and happen to know if your address is Dynamic, you can simply unplug your router and replug it back after a couple of minutes, finally making your IP change (will always depend on the provider). This process is much less tedious than handling an attack with a Static IP address for blatant reasons. Continuing on, you can tell whether your IP is Dynamic by doing ipconfig /all and noticing whether DHCP has a yes beside it or simply replugging your router suggestively when no one is using the internet, and checking if your IP address happens to change. Finally, it is always best to contact your provider if you want to change the type of IP address you have.

In conclusion, there is no “perfect” IP type as they both have their advantages and weaknesses. However, although this is true, it is recommended to know your address type as it can have a dramatic effect on your online security. These points are just a general rundown of their abilities out of many; therefore, if you want extensive information in this field, you should call your provider for further consultation. Finally, do not forget to recall that preference and purpose play the greatest goal on deciding what type of IP you desire.

Prevent Skype Resolvers - Axanite

Skype is a very common form of communication throughout the community and while a lot of people use it for its intended purpose of communication - some people use it in a very different way. This is where websites and programs called Skype Resolvers come into play. There is a way to protect yourself against these but the option is not automatically enabled on Skype by default, which you may argue is stupid and for a lot of us, it does seem stupid but Skype more than likely has a reasoning behind it. However, let’s not go and derail this. A quick back story of what a Skype Resolver is and how it works. So, as a normal Skype user - you would usually just add the people you want to speak to but in the gaming community, you want to branch out and meet some new friends over Skype… however, these so-called “friends” might not be friendly after all… they can use these Skype Resolvers to go against you and get your IP just by knowing your Skype Username. Sounds risky, huh? Well, let’s get into the detail of how it works. Essentially, how it works is simple - you go to the dedicated website as these are usually website based but some may be software which you can download - I’m not going to be giving any examples here, and then you put in the Skype Username of the user you wish to retrieve the IP of and, provided they do not have the option that I mentioned enabled, it will provide you with their current IP. Now that you have an understanding of how it works and how simple it is to just grab somebody’s IP just from their Skype Username, you may ask “How do I stop this from happening!?” and the answer is simple:

Depending on your operating system and version of Skype, this may be different. But, for this, I am using a Desktop PC running Windows 7 Home Premium with Skype up to version 7.3.0.101. I’m sure it will be similar on other operating systems and versions of Skype but if you can’t follow this for your operating system - feel free to search it up on Google. Anyway, let’s resume... What you are going to need to do is open up your Skype window and on the top menu strip, it will have a drop-down menu called Tools, then head down to Options where you will then be presented with a whole list of things you can change. Once inside this list, find where it says Advanced then go to the sub-tab of Connection. In this category of settings, you will find many options to do with your connection towards Skype. Look for an option which is along the lines of ‘Allow Direct Connections to your Contacts Only’. By default, this option is disabled which is why it is so easy to grab somebody’s IP as an unexpected user of Skype. To prevent your IP from being grabbed by these Skype Resolvers, you want to enable this option.

One thing I would like to mention regarding this option is that it is only disabling direct connections for non-contacts. This means that anyone who is your contact on Skype can still retrieve your IP by their own means. However, for the most part - your IP is safe from Skype Resolvers. After enabling this option, please carry out a monthly check using a Skype Resolver just to make sure any resolvers have not found a way to get around this option because this is entirely possible and is more than likely going to happen at some point. In addition to this, also make sure your Skype Version is fully up-to-date every so often.

Be Cautious with Unknown Links or IP’s - Col. StaR
To the untrained eye, this may seem like a legitimate request; you might be thinking, “Huh, that’s weird. I don’t recall swearing at someone on the Hive. I should check this out”. But once you click on that link, you have fallen into their trap. They’ve logged your IP address, and they are now free to use and distribute it as they see fit. Spoiler warning: it’s never a nice use.

If people don’t know your IP address in order to attack you, they will often resort to deception in order to get it. This usually includes luring you to access a website or a TeamSpeak that will collect your IP and give it to them. The two most common ways for people to log your IP are by using a malicious website, or by inviting you to a hostile TeamSpeak.

Malicious Website

The picture above has its phony forum link to a dedicated website that logs IP addresses. And as stated earlier, the moment you click on that link and your browser accesses that link, your IP is logged for malicious uses. On TeamSpeak, people will format their messages in a hacky way so that the link shown in text is different from the link that you will actually be sent to.

The best way to avoid malicious websites is by avoiding links that are sent from unknown persons, or link to suspicious websites. Do note that on TeamSpeak, you can actually check the true destination that a link will send you to by hovering your cursor over the link and looking in the lower-left box of your TeamSpeak; the destination URL should be shown in text. However, even if you always vet your links, it’s best to avoid suspicious links altogether.

Hostile TeamSpeak

If anyone asks you to join their private TeamSpeak, or someone gives you an IP to connect to, be cautious as it may be a ploy. Whenever you connect to something, it automatically shares your IP with the server you are connecting to. As such, server owners will lure people onto their TeamSpeak servers, and use their access to log your IP.

Obviously, the best way to avoid this situation is by avoiding unknown TeamSpeaks and IP’s altogether. Don’t go anywhere you don’t know, and don’t visit the servers of anyone you don’t trust. The MCGamer platforms have IP access permissions reserved only for Admins, so it is a trustworthy TeamSpeak to chat on.

While luring people to TeamSpeak servers is the most common tactic, connecting to any server will usually log your IP; you want to make sure that you connect only to servers with trustworthy owners.

You wouldn’t get into a creeper van just because someone asked you to.
You wouldn’t take a pill just because someone said it would be great.
You wouldn’t jump off a bridge just because someone said you should.
So then why would you click on something just because someone asked you to?

VPN’s - Tjdriver

A Virtual Private Network (or more commonly known as VPN) is a private network usually run by organizations. VPNs allow you to communicate information across a network securely. Now you may be thinking why VPNs are involved in this PSA about DDoSing; the reason they are involved is because when you’re connected to a VPN it hides your IP Address. A VPN requires 2 machines – one to act as a server, and one to act as the client. The server IP is publicly known, there’s no way to prevent that. The client IP however is hidden, which is what you want to stop a DDoS attack. This does slow down your connection to everything; however, it does prevent DDoS attacks to a certain extent. I do not recommend keeping a VPN on the whole time you’re on the internet, I would suggest only to turn on a VPN when you’re getting packets sent to you. VPNs are usually either slow & private, or quick & public. The key is to find a VPN that’s in the middle of the road, not too slow but also quite secure.

Resetting IP - Giggums

In the event that you know or believe that a user has obtained your IP address and has the ability to DDoS you or you want to avoid any possibility of being tracked, it would be wise to reset your IP. The easiest way to do this is as follows:
  • Locate your router
  • After getting appropriate confirmation from the users of your internet, unplug your router
  • Leave your router unplugged for 15-20 minutes
  • Plug your router back in and enjoy no one having your new IP for the time being
Doing this ensures that your IP address will pop off the tracker’s radar as this method provides you a new IP altogether. It is highly recommended to repeat this process as frequently as possible such as during the night when no one is using the internet, or any moment of down time that you may find. The more often you reset your IP address, the more difficult it is for a tracker to obtain it.

DDoSing is Illegal, Period.

Just because you’re attacking someone over the internet does not mean your actions are legal nor acceptable. DDoS attacks are illegal in nearly every developing country where internet usage is prominent. In the UK, the Police and Justice Act of 2006 specifically outlined that DDoS attackers may be punished with up to 10 years in prison. In the US, DDoSing is considered a federal crime under the Computer Fraud and Abuse Act, and can lead to several years in prison.

Don’t think that internet crime won’t lead to real jail time, either. A quick Google search shows that DDoSers have been arrested and gone to trial as a result of their crimes. Because of the prominence of DDoS attacks on behalf of hacktivist groups, and a growing mainstream awareness of DDoSing and its consequences, law enforcement agencies around the world are beefing up their cybercrime divisions, leading to an increasing number of internet-related arrests. Your actions may be digital, but those handcuffs sure won’t be.

And for what? So you can inconvenience someone by taking down their internet for a while? To enact petty revenge on someone? To gain an upper hand in a clan battle? Is that really worth being ostracized, looked down upon, blacklisted, banned, and perhaps even arrested? Any sane person would realize that the act of DDoSing is not worth its consequences.

Conclusion

Dangers such as nukes, guns, and country music unfortunately cannot be wiped away totally: they exist as a consequence of a larger issue. DDoSing is much the same, and its existence will continue so long as people succumb to the desire to wield destructive power over others (via internet connection).

But just because we can’t put the horrors back into Pandora’s box doesn’t mean we are forced to suffer through them. DDoSing is simply another hazard of the internet, no different than phishing links, hackers, or audio ads. But like all hazards, they can be avoided with the smart choices and the right precautions.

Be smart, be safe, and don’t be a victim.

And don't DDoS.

Duh.
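
The link check described under "Malicious Website" (compare the link text you are shown with the destination you would actually be sent to), automated as an added example that is not part of the original post. It assumes chat links written in BBCode form, [URL=target]label[/URL]; the sample messages and domains are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed link format: BBCode, [URL=target]label[/URL]
BBCODE_LINK = re.compile(r"\[url=([^\]]+)\](.*?)\[/url\]",
                         re.IGNORECASE | re.DOTALL)
# Anything in the visible label that looks like a URL or host name
HOSTLIKE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}",
                      re.IGNORECASE)


def host_of(url):
    """Return the lowercase host of a URL, tolerating a missing scheme.

    A leading "www." is dropped so www.site and site compare equal.
    Text before an "@" in the authority is user info, not the host, so
    "http://trusted.example@other.example/" resolves to other.example.
    """
    url = url.strip().strip("\"'")
    if "://" not in url:
        url = "http://" + url
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed authority, e.g. unbalanced brackets
        return ""
    return host[4:] if host.startswith("www.") else host


def find_mismatched_links(message):
    """List (shown_host, real_host) pairs where the label names one host
    but the link leads to a different one."""
    findings = []
    for target, label in BBCODE_LINK.findall(message):
        shown = HOSTLIKE.search(label)
        if shown is None:
            continue  # label is plain words; there is no host to compare
        shown_host = host_of(shown.group(0))
        real_host = host_of(target)
        if shown_host != real_host:
            findings.append((shown_host, real_host))
    return findings


# Constructed sample chat messages (reserved example domains only)
SAMPLE_MESSAGES = [
    # label shows the forum, link leads somewhere else
    "You were reported: [URL=http://logger.example.net/a1]"
    "http://forums.gameserver.example/appeal[/URL]",
    # label and destination agree
    "[URL=http://forums.gameserver.example/rules]"
    "forums.gameserver.example/rules[/URL]",
    # label is plain text, so it makes no claim about the destination
    "[URL=http://forums.gameserver.example/rules]Server rules[/URL]",
    # trusted name placed before '@' so it only looks like the host
    "[URL=http://forums.gameserver.example@logger.example.net/]"
    "forums.gameserver.example[/URL]",
]

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        for shown_host, real_host in find_mismatched_links(msg):
            print(f"MISMATCH: shows {shown_host}, goes to {real_host}")
```

A link with a plain-text label passes this check without being verified, so the hover check the post describes still applies to it.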
 

Yannick

Thank you! I still don't get the point to DDoS, but then again there are some strange and angry people in this world ;-;
 

Electrix

Yay! Nice work, guys! I'm hoping to see more of these guides in the future.
 

JoelJCE

This is a good thread, but you should note under the "Resetting IP" portion of this thread that it will only work if you have a dynamic IP.

If you have a static IP assigned by your ISP, the act of you resetting your router won't flush your IP and you'll also look pretty stupid. If you have a static IP you just have to give your ISP a quick call to have your IP changed.
 

LukeTheCat

Overall, this was a decent PSA with only a few minor errors and some things which could be changed or added. That was, until I got to the section about VPNs.

"A VPN requires 2 machines" is a very ambiguous statement. A typical connection will consist of 2 machines (If you limit machines to just the source and destination, which is what I understand you were describing), but a VPN will increase that to 3 (Client > VPN Server > Destination).

VPNs do not stop you getting DDoSed. It prevents people from getting your IP address while you are connected to the VPN, but it does nothing to stop the actual attack. If someone has your IP, using a VPN won't stop the attack. So, telling people to "turn on a VPN when you’re getting packets sent to you" is a ridiculous statement and won't help at all. Traffic sent directly to your IP will not be routed through the VPN.

"VPN’s are usually either slow & private, or quick & public." That's not true in any way. You could argue that some VPN protocols follow this 'rule' (For example, PPTP vs L2TP), but it's still absurd considering OpenVPN offers 256-bit encryption and is still one of the fastest protocols available from the vast majority of VPN providers.

I recommend rewriting the VPN section, there's an awful amount of misinformation there. Also, for the "Prevent Skype Resolvers" section, I would add that you can use proxies with Skype to prevent contacts from getting your IP.
 