Jump to content

Denial of service attack

Luca662

By Luca662
in Security

 Share

Recommended Posts

Luca662 Newbie

Luca662

Posted
Posted

I just came across an interesting read on Ars technica.

http://arstechnica.com/gaming/news/2009/02...vice-attack.ars

People are now starting to do dos attacks on players through xbox live. The article describes the people using a packet-sniffer to find your ip then flooding you with packets. The packet sniffer is most likely cain and abel or ettercap. I'm curious to know what kind of packet they use to flood their victims. Most people have a small upload bandwith and huge download bandwidth meaning you don't have much to work with. Also, I run a small linux server that handles all my connection (I'm currently trying to get a windows sever up and running) and what would be the best way to protect against this attack?

Link to comment
Share on other sites
Sparda Newbie

Sparda

Posted
Posted
People are now starting to do dos attacks on players through xbox live. The article describes the people using a packet-sniffer to find your ip then flooding you with packets. The packet sniffer is most likely cain and abel or ettercap. I'm curious to know what kind of packet they use to flood their victims. Most people have a small upload bandwith and huge download bandwidth meaning you don't have much to work with. Also, I run a small linux server that handles all my connection (I'm currently trying to get a windows sever up and running) and what would be the best way to protect against this attack?

The only way to defend against this attack and stay online in the context of a web site is really big pipes, and lots of server distributed in different locations. If you just want to stay online in the context of your home connection, just change your internet IP address.

Link to comment
Share on other sites
shonen Newbie

shonen

Posted
Posted

good luck if your ISP only provide static and not dynamic IP addresses. Some ISP are not so quick to respond to such issues and this goes double for Indian technically support staff who think that unplugging and plugging your router/modem back in corrects all ISP related issues. XD

Link to comment
Share on other sites
stingwray Newbie

stingwray

Posted
Posted
I would try and figure out where the packets are coming from and then block them.

Also, being good sport helps too.

No good.

Any half decent DoS attack will spoof their source address of the attack traffic.

At best it is random addresses, at worst they could be claiming to be coming from high-profile targets, which would then limit your use of those legitimate services if you started blocking them.

You also have a bloody difficult job of decided what is attack traffic and what is legitimate traffic.

Link to comment
Share on other sites
decepticon_eazy_e Newbie

decepticon_eazy_e

Posted
Posted
No good.

Any half decent DoS attack will spoof their source address of the attack traffic.

At best it is random addresses, at worst they could be claiming to be coming from high-profile targets, which would then limit your use of those legitimate services if you started blocking them.

You also have a bloody difficult job of decided what is attack traffic and what is legitimate traffic.

Also, if you create an ACL to block them... you are still processing the packet which is what caused the DDOS in the first place.

DDOS attacks are actually very hard to fight, you need help from the ISP upstream to reroute traffic that fits the profile of the attack. Usually the profile of the attack is "legitimate traffic" that you desire, so it makes it very difficult to filter. Most companies that are attacked use the oldest defense in the book... add more bandwidth.

Link to comment
Share on other sites
FireTime Newbie

FireTime

Posted
Posted

You have to be cautious if you decide to block the dDos attack. If the attack is originating from the other players connection you could end up blocking his x-box live connection to your x-box. This was a popular form of hacking that Microsoft has gotten much better noticing. SO you could end up being banned by Microsoft instead of the dDos attacker. So as Sparda stated, just change your IP.

Link to comment
Share on other sites
Razor512 Newbie

Razor512

Posted
Posted

the best way to deal with it is to find the brown note (like in south park) then play it over xbox live voice and make the attacker crap their pants :)

jk

blocking the ips doesn't really stop the attack because your still receiving the data

I have experienced a few DOS attacks but some of them weren't well done, the user was mainly using a simple app to flood, but the user was using the internet connection at a school or some public location to get a really good amount of bandwidth,

depending on the schools network, you can use their connection to do a DOS

it may be a dumb college student or someone who has a friend who is in a location with a good connection who can do the DOS

(PS a dsl connection can DOS a dialup connection, I tried it when kmart used to offer that blue light internet service like 10 hours for free each month)

Link to comment
Share on other sites
decepticon_eazy_e Newbie

decepticon_eazy_e

Posted
Posted
the best way to deal with it is to find the brown note (like in south park) then play it over xbox live voice and make the attacker crap their pants :)

jk

blocking the ips doesn't really stop the attack because your still receiving the data

I have experienced a few DOS attacks but some of them weren't well done, the user was mainly using a simple app to flood, but the user was using the internet connection at a school or some public location to get a really good amount of bandwidth,

depending on the schools network, you can use their connection to do a DOS

it may be a dumb college student or someone who has a friend who is in a location with a good connection who can do the DOS

(PS a dsl connection can DOS a dialup connection, I tried it when kmart used to offer that blue light internet service like 10 hours for free each month)

PS any connection that has a greater upload than the target's download can DOS. You don't need any special software or apps. Just ping with the -t on it and let it go. The trick is to get 1000 of your friends to do the same thing.

This is what brought down the banks and government in Estonia. A couple thousand people sending non stop pings to specific IP addresses. For double the fun, they spoof the return address so a second IP address will get a flood of pings. Which is why the IP address of your attacker is pretty trivial, it's probably spoofed.

Link to comment
Share on other sites
  • 3 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...