DDoS - An Ongoing Issue

[Introduction]
If you have recently been hit by a Distributed Denial of Service attack, better known as "DDoS", then you are in the right section for information.

The bad news about DDoS attacks is that some of them do quite a bit of damage and, depending on your hosting provider or ISP, they may cost you a lot in bandwidth fees, which is an unfortunate price to pay.

So you would like to know what are the common causes of these attacks and why is it happening to you?

Well the answer behind that can be due to multiple reasons but the main ones are popularity of the victim and aggression towards the victim. If you are running a website or a competitive business (such as streaming gaming content), this may give individuals motive to attack you or your business.
I often find that people are being attacked because they antagonize someone (this doesn't mean you), whether it be by trolling or by some other means, and in return the attacker decides it would be best to retaliate with brute force by initiating this type of attack towards them.
However, I have seen a lot more attacks caused due to competitive gameplay and streaming nowadays.
So.. today.. we're going to be giving tips and advice on how to protect yourself from attacks and if you're still being attacked after the fact, then I have more advice just for that too!

[Cost-Free Protection]
In this section we will be discussing the ways to protect yourself without having to spend any money whatsoever (except for possibly purchasing a router). It sounds almost unbelievable only because many people promote and encourage the use of third-party services such as Virtual Private Networks (better known as "VPN"), proxies, etc.
Identity - Keeping this part of you confidential and restricted to trusted friends who you know for a fact would never share this information is one of the key ingredients to avoiding attacks. If your online identity reuses an email, username or unique name (ex. SuPeR BiLLy boB joE scHmidT) that links you back to an active third-party service or application where a user can add you or look you up based on these values, then you are open to an attack.

To begin the process of keeping yourself protected with zero financial cost, start by creating a completely new email address, username that would be unique (something that nobody can guess -- not even your friends) and change your IP address.
Note: It is extremely important that you avoid using your old credentials after changing your IP address because it will most likely result in you being attacked again.

So you would like to change your IP address but don't know how to?

This depends on numerous factors -- your ISP, modem and router. Some ISPs provide a dynamic IP address which changes once a week according to the lease expiry, while others provide a static IP which CANNOT be changed because it was specifically assigned to you for business/commercial reasons. If you are behind a static IP, you may have to refer to the Paid Protection section for more information. However, if you are behind an IP which is dynamic but has an extremely long release period (IP change), I will provide ways to help get you a new IP as soon as possible.

Again, please keep in mind that changing your IP address depends on the above mentioned factors such as your ISP, modem and router. In North America, most ISPs nowadays will give you a modem/router combination, meaning that the modem is also a router, allowing both LAN and WAN activity from it. If you have a modem-router, then changing your IP will be tricky because it will use what is known as "Operating Mode", which is normally locked on the ISP-end and is not available user-end by normal means. Operating Mode: NAT means that your IP will remain the same for an extremely long time (or until the lease expires) because it is using the same MAC address over and over without the option of MAC address spoofing, which most, if not all, modem-routers do not support at this time.

So to begin changing your IP while under the environment of a modem-router, you will need to contact your ISP and speak to Tier-3 Technical Support and ask them to change the Operating Mode from "NAT" to "Bridge". Some ISPs do not allow this and will deny you. However, if you explain your situation thoroughly, they may or may not understand you and based on that, may or may not change it for you. If they do understand what DDoS is, they will most likely change it to Bridge Mode on your behalf. If they do not understand what DDoS is, then I'm sorry to say but you will most likely be stuck with the same IP address for a long time until it releases on its own and may have to consider the financial method of DDoS protection.

If your ISP enables Bridge Mode, then you're ready to connect your router and begin the procedures listed below to change your IP address. Refer to "Accessing the Device".

The reason why I'm addressing the modem-router topic first is because the next piece of information I'm about to provide you with will be the same regardless of owning a modem-router or not.

If you are in possession of a modem without a router and are wired directly into your computer, then you are somewhat in the same boat as the Operating Mode ordeal but without the option of enabling Bridge Mode which allows the user to add a router and change their MAC/IP. However, because you are using a modem-only device, you have the option to purchase and/or connect a router which will allow you to change your MAC/IP at will. Some routers do not allow MAC spoofing so it is important to research which routers do allow it. Routers such as the Linksys and Belkin allow MAC spoofing.

[Accessing the Device]
If you have a modem-only and router-only device such as a Motorola modem and a Linksys router, then we are ready to change your IP at your convenience with little-to-no hassle whatsoever.

The default gateway for a Linksys router is: http://192.168.1.1/
The default gateway for a Belkin router is: http://192.168.2.1/
You will be required to log in using your username and password credentials. If you do not know your username/password credentials or did not set them up, then you may want to try some of the default usernames/passwords listed below. If you are still having problems at this point and are not the owner of the device, please consult with the owner of the device and request access to it if it is an available option.

I understand that some people reside in an apartment complex or house which uses a shared network connection and the owner(s) may not give their residents access to the router for security reasons. However, if you do own the device, you can usually find a reset button or use a small pin or a pen to press and hold the reset button down for up to 30-seconds to initialize a full reset on the router's settings. (The firmware will not be reset in most cases)

You may want to try a combination of these to log in. Some routers tend to lock out a MAC address from accessing the page for a duration as short as 1-hour if too many failed attempts (approx. 5) are given. This does not mean that you will lose internet access but you will lose the ability to log in to the router from that computer for up to one (or so) hour(s).

Username: admin
Username: Administrator
Username: (keep this completely blank)

Password: admin
Password: Administrator
Password: 1234
Password: (keep this completely blank)
Password: Password


**At this point you may want to make a mental or personal note of your current IP address before proceeding with these steps to ensure your IP has successfully changed. You can do so by visiting Google.com and typing in: "What is my IP?" where it should then tell you "Your public IP address is 127.0.0.1" (example)**


If you have successfully logged in to your router and are using a Linksys or Belkin, then do the following:

1) **Linksys Users** Visit http://192.168.1.1/WanMAC.htm and select the "Enable" option. The "Enable" option may or may not be there depending on the age of the hardware and firmware. If it isn't there but you can clone your MAC, then you're fine either way.
1b) **Belkin Users** Visit http://192.168.2.1/wan_mac.html
2) Press the Clone Mac Address button.
3) Edit the last two alpha/numeric entries (ex. 7A-79-19-65-69-FC -- change this to 7A-79-19-65-69-0A).
4) Save Settings / Apply Changes
5) Unplug the power to your modem and router and wait 30-seconds before plugging the router back in and up to 1-minute for the modem, giving the router a 30-second head start to bootup before the modem kicks in and begins requesting the MAC to assign the IP. (This is optional/required if your IP doesn't change within a short duration after making the changes.)
6) Check the status page on your router to ensure that your IP is different or visit Google.com and type in "What is my IP?" and it will tell you.

If you notice that your IP has changed whether it be drastically noticeable or not (sometimes only the last column of digits change), then you're ready to continue whatever it is you were once doing prior to being attacked. Please keep in mind to avoid using your old credentials for services and applications that might have triggered the attack in the first place as it may result in it happening again.
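Steps 3 and 6 above can be checked with a short script. This is an added example, not part of the original guide: the function names are hypothetical, and the sample IP addresses are constructed values from the documentation ranges.

```python
import ipaddress
import re
import secrets

# Six hex octets separated by '-' or ':' (both styles appear on router pages).
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([-:][0-9A-Fa-f]{2}){5}$")

def parse_mac(text):
    """Return the six octets of a MAC address as integers."""
    text = text.strip()
    if not MAC_RE.match(text):
        raise ValueError(f"not a MAC address: {text!r}")
    return [int(part, 16) for part in re.split(r"[-:]", text)]

def new_wan_mac(cloned, rng=secrets.randbelow):
    """Step 3: keep the first five octets and replace the last one
    with a value that differs from the cloned MAC's last octet."""
    octets = parse_mac(cloned)
    last = octets[-1]
    while last == octets[-1]:
        last = rng(256)
    octets[-1] = last
    return "-".join(f"{o:02X}" for o in octets)

def ip_change(before, after):
    """Step 6: classify the difference between the public IPv4 address
    noted before the change and the one seen after the reboot."""
    old = ipaddress.IPv4Address(before)
    new = ipaddress.IPv4Address(after)
    if old == new:
        return "unchanged"
    same_24 = (ipaddress.ip_network(f"{old}/24", strict=False)
               == ipaddress.ip_network(f"{new}/24", strict=False))
    # Only the last column of digits moved: still a new address.
    return "changed-last-octet-only" if same_24 else "changed"

if __name__ == "__main__":
    cloned = "7A-79-19-65-69-FC"  # example MAC from step 3 of the guide
    print("value to enter on the WAN MAC page:", new_wan_mac(cloned))
    # Constructed sample addresses (documentation ranges, not real hosts).
    print(ip_change("203.0.113.25", "203.0.113.25"))
    print(ip_change("203.0.113.25", "203.0.113.190"))
    print(ip_change("203.0.113.25", "198.51.100.7"))
```

An "unchanged" result after the power cycle in step 5 usually means the lease has not been released yet, which is the situation the lease-period notes in this guide describe.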

Please note that some ISPs such as Verizon will provide you with a modem and/or modem-router which has the option to "Change IP" from the modem/modem-router interface. The Change IP option may not take effect at your convenience due to the lease period, which in some cases is anywhere from 1-24 hours. Please consult with your ISP for more details regarding the lease expiry if it is not indicated anywhere on the "status" page.

***WARNING*** There are "free" proxies which roam the internet and, because they are "free", they may be running on a compromised computer. It would be best to stay away from these proxies to avoid legal or incriminating actions towards you, as you do not have the consent of the network's owner. Additionally, if you choose to use a public proxy, you may become a victim of traffic sniffing/monitoring which can reveal your login and password credentials for certain sites that you visit. So please be wary of your actions.



[Paid Protection]
There are plenty of companies and websites out there that are offering paid services to protect you from DDoS attacks amongst other things. These services may or may not be expensive depending on what it is you're looking for. If your issue lies with a website that you frequently log in to, and you notice that the attacks may be caused by that site but you find it absolutely necessary to visit it for whichever reason, then purchasing an http(s) or socks5 proxy might be the thing for you.
A system-wide VPN is for complete protection against attacks in every possible aspect, from logging onto websites to logging into the applications which you use to communicate amongst friends or business partners. Some attacks may be powerful enough to knock even the VPN offline, so if you're having this issue, you may either A) consult with the provider and inform them of the issue, and they may be able to firewall the attacking IPs (assuming they're not spoofed), or B) look for a stronger VPN/proxy provider.


Final Note: Though the above information may be very helpful to many, it does not suggest that you or anyone else will be immune from future attacks. This guide was written to help individuals and to provide knowledge on how to help prevent easy and advanced ways of being attacked.


This guide was written by Antiddos of Twitch.TV.