Guild Wars 2

I’m sorry if this is the wrong category, I assumed it’s the right one since the events of last night. Mods could move it if they deem it unworthy for the pvp forum.

So, how do you protect your home computer that has static IP address against a DDoS? If someone sends over 100mb/sec toward my router it will choke. I’m a developer myself and it’s really difficult to safeguard our services against DDoS (been a victim of them couple of times) and we’ve elevated 3rd party services and linux firewall blocking rules and we’ve tinkered with the linux kernel settings to safeguard against the most stupid types of DDoS that exploit the time and date functionality of modern OSes, syn flood protections, connection throttle and basically you name it. But we are talking Windows in here.

I mean … if the attacker knows your real IP address you’re pretty much done for :o Even VPN isn’t helpful because a strong enough DDoS would choke your router and you’ll be unable to “talk to” that VPN.

You could use some fancy Cisco router that has some integrated DDoS recognition and protection (which doesn’t come cheap) but what else there is?

There’s certainly nothing ANet could do, that’s for sure. As much as people love to bash them this is kind of out of their hands. The biggest problem with DDoS is that sometimes they are so powerful, they choke the whole network, not just the victim computer.

tl;dr – What do gamers use to protect their home machines from being DDoSed on a static IP address? I’m curious because I actually think the methods you use to mitigate this are useless but I would love to be proven wrong!

One fix is to buy better bandwidth connection, however in some areas those are considered luxury and do not come cheap.

There’s literally nothing you can do to prevent it, only mitigate the attack. But I guess if someone really wanted to, they’d restrict all inbound requests and only leave open GW2/voice comms traffic when they play.

If you’re overly concerned then go purchase a VPN that market towards gamers.

I don’t think a VPN would work out if the DDoS is significant. Basically they flood the open UDP ports or SYN flood any open ports you may have. Technically your OS’s networking should be terrible because it’s going to keep resources for inbound connections.

With that said, DDoS needs open ports on the target machine. Otherwise every semi-decent firewall will kill the inbound connections.

Masking the IP address is a good suggestion.

so here’s my take on this DDos debacle, 1. how likely u get DDos? u have to be either really famous and enough nerd to be mad at u for that to happen. 2. getting attack during tourney automatically points that a supporter of opposite team is doing it, and it cannot be proven. also is now the biggest excuse of pro players instead of saying the usual oh im lagging excuse? i experience ping spikes to 10k before which is unheard of in my area, then after a game, i was ok. i dont think i get ddos attack. i blame my isp for kittenty service.

firstly, how do they managed to obtain the ip address to ddos you?
secondly, prevention is as simply as not doing things that let them obtain the ip address, no?

When sPvP first began, the issue was that TS servers were open so people could find your IP from off the TS server. Once they knew it, they could DDoS it. IP addresses don’t change often so once you know it for awhile, good chance is it will stay that way. The only thing that you can control is doing a release/renew from the router connected to your ISP and hope you get a new IP address. You also need to secure your entire TS server so people can’t find your IP.

VPN’s allow you to extend your LAN to other systems but it won’t prevent a DDoS since your router is always external facing. Also, make sure your IP address is never in a screen shot or stream that you are doing. Then it becomes public domain.

Don’t ever post in unofficial fan forums. Those databases log ip addresses, and they are very easy to get into. Don’t use peer to peer communications. Realistically, there isn’t much you can do. However if they really are doing a dos attack, that can get the ISPs and feds involved since it is likely drawing enough traffic into the system to disrupt more than just your connection.

SkyShroud.2865:

firstly, how do they managed to obtain the ip address to ddos you?
secondly, prevention is as simply as not doing things that let them obtain the ip address, no?

Most voicechat software will show your IP to the server admins at the very least if not everyone.
Also as the above poster mentioned third party fan sites.

It’s also plausible that a person could gain enough information about a account to impersonate that person to a customer service rep, at which point they might be able to get the IP by asking the rep to verify their last login location for whatever made up reason.

SkyShroud.2865:

firstly, how do they managed to obtain the ip address to ddos you?
secondly, prevention is as simply as not doing things that let them obtain the ip address, no?

I can extract your IP address if I know your skype name, basically. Among other methods. Or I email you with “hey dude, check this awesome vid” and my link will eventually redirect you to youtube but not before i’ve recorded your IP address and user agent (aka web browser)

Faux Play.6104:

Don’t ever post in unofficial fan forums. Those databases log ip addresses, and they are very easy to get into. Don’t use peer to peer communications. Realistically, there isn’t much you can do. However if they really are doing a dos attack, that can get the ISPs and feds involved since it is likely drawing enough traffic into the system to disrupt more than just your connection.

It’s borderline impossible to find the initiator of DDoS. The nature of the attack is such that people who actually are involved in DDoS do not know it. Instead they have a computer virus who’s just waiting for orders. It takes a lot to takedown a botnet. Look at Microsoft, with all their knowledge about their users they still need months if not years to takedown a botnet, and they are actively trying!

And yeah as the guy above said, not just skype, most if not all client <-> server technology is probably exposing your IP address. That’s just how the internet works. You can imagine it as a telephone network in which everybody has a phone number and you use that phone number to call (connect) to other people and they know who’s calling.

heres the thing, will ppl actually go through that extra miles to obtain ip address? address that might not be static?

yes, is rather easy to obtain address via skype, public voip and so on
but will people actually go beyond that to create public sites and so on to obtain ip address? is not like you are some big shot.

SkyShroud.2865:

heres the thing, will ppl actually go through that extra miles to obtain ip address? address that might not be static?

yes, is rather easy to obtain address via skype, public voip and so on
but will people actually go beyond that to create public sites and so on to obtain ip address? is not like you are some big shot.

It’s actually very easy to do since the browser sends this info everytime you request to open a webpage.

Sometimes when you use a web proxy, the proxy providers attach extra headers to your request which contain your real address, so thinking that using proxy maeks you safe by default is a big problem.

And idk when I told you about public sites, i didn’t mean a real page.
Here’s an example. Have you heard of those URL shortening services? Like bit.ly t.co etc etc. You can mask a bad URL in a bit.ly and send it to someone via text message

1) The victim clicks the bit.ly link believing that it’s a youtube vid since you said its a super funny vid too
2) The Bit.ly address you gave the guy actually resolves to yoursite.com
3) Which in turn saves the user’s IP address and immediately redirects to Youtube
4) Victim seems the video and business as usual

But you actually stored some data about that user. Including the OS version, web browser and IP address of the user.

To protect from Ddosing is simple, Prevention is the best cure.
Skype is the major cause of Ddosing. Get rid of it. I could not begin to explain how easy it is to get an IP in skype and how this has been the main cause of ddosing in wow.
Junk the program and you will see most of the problem go away (change your name, picture etc before you do that).

There is a think called “Blackholing” which is a way to reject ip spam from a specific location. In general this will get rid of Distributed DDOSing attacks as they are more static then others (in general for the script kiddies).

Blackholing may or may not cause problems depending, but in general its ok for a gamer to use it. if you want to stop it, do that.

Another option is change your ip (5-10$ from isp usually) when you find out where its coming from. Dont forget, a server admin on your ventrilo/ts etc could be the cause. protect your information with a VPN if possible, it will help significantly.

Skype is 90% of the problem. Without it these kids don’t have a way of figuring out your IP.

VPN shouldn’t be needed nor am I sure it would work, at least the free ones.

The other ways are clicking links i(don’t think this works in gw2 but some games have html access)

Or they’d have to be hosting/own the server (again not applicable to gw2)

Or be connected with you some other way (mumble)

Basically if you are only connecting via gw2, short of hacking gw2 servers, they will not be able to get your IP. DDoSers being the least sophisticated, and lowest of the low brow script kiddies, cannot do that. Therefore if you get DDoSd you are broadcasting your IP in some way that has nothing to do with gw2. Same goes for any other game like LoL that hosts their own servers.

You don’t need a VPN to not broadcast your IP (for the purpose of this discussion). You just need to find all your services that might be doing it. VPNs are for hiding your IP and data from services you are connecting to. Neither of which is very important for preventing a DDoS.

To summarize, your IP becomes known by connecting to a service. In this case you are connecting to gw2 servers which keep it private. If they are getting your IP it is because you are using some other service which isn’t keeping it private.

ps @anari AFAIK blackholing would be done with some sort of ip route <network>command. None of which you have access to at a home router gui. He would also need to know the ip address range from which he was being attacked.

Source: studying to become a network engineer.

Can’t really do much if they have your IP already. Can ask your ISP to change it.

That being said i don’t think private users really have static IP for that matter. Only companies and ppl who want/can afford it do. Generally as private user you get new IP every 24 hours.
And as said before, Skype atm is main culprit.

Ravenmoon.5318:

SkyShroud.2865:

heres the thing, will ppl actually go through that extra miles to obtain ip address? address that might not be static?

yes, is rather easy to obtain address via skype, public voip and so on
but will people actually go beyond that to create public sites and so on to obtain ip address? is not like you are some big shot.

It’s actually very easy to do since the browser sends this info everytime you request to open a webpage.

Sometimes when you use a web proxy, the proxy providers attach extra headers to your request which contain your real address, so thinking that using proxy maeks you safe by default is a big problem.

And idk when I told you about public sites, i didn’t mean a real page.
Here’s an example. Have you heard of those URL shortening services? Like bit.ly t.co etc etc. You can mask a bad URL in a bit.ly and send it to someone via text message

1) The victim clicks the bit.ly link believing that it’s a youtube vid since you said its a super funny vid too
2) The Bit.ly address you gave the guy actually resolves to yoursite.com
3) Which in turn saves the user’s IP address and immediately redirects to Youtube
4) Victim seems the video and business as usual

But you actually stored some data about that user. Including the OS version, web browser and IP address of the user.

yes, but u still have to find ways to give that address to that person to click it
well, if that guy is simple minded, then yea.

what i simply saying is will there be people who actually put it more efforts to obtain ip addresses. afterall, it is not as simple as logging onto skype or teamspeak and camp for that guy then getting it without interacting with target.

to obtain ip address through interacting with the target is whole new different story. unless the target is stupid enough to press any link from a unknown sender. otherwise, it is rather challenging. again, will someone actually put in that effort to do so?

Unless you have a dedicated line (usually T1) you are most likely using a shared one and your IP will change. You can often force it to change by unplugging your router for 20 mins.

Mightybird.6034:

Skype is 90% of the problem. Without it these kids don’t have a way of figuring out your IP.

VPN shouldn’t be needed nor am I sure it would work, at least the free ones.

The other ways are clicking links i(don’t think this works in gw2 but some games have html access)

Or they’d have to be hosting/own the server (again not applicable to gw2)

Or be connected with you some other way (mumble)

Basically if you are only connecting via gw2, short of hacking gw2 servers, they will not be able to get your IP. DDoSers being the least sophisticated, and lowest of the low brow script kiddies, cannot do that. Therefore if you get DDoSd you are broadcasting your IP in some way that has nothing to do with gw2. Same goes for any other game like LoL that hosts their own servers.

You don’t need a VPN to not broadcast your IP (for the purpose of this discussion). You just need to find all your services that might be doing it. VPNs are for hiding your IP and data from services you are connecting to. Neither of which is very important for preventing a DDoS.

To summarize, your IP becomes known by connecting to a service. In this case you are connecting to gw2 servers which keep it private. If they are getting your IP it is because you are using some other service which isn’t keeping it private.

ps @anari AFAIK blackholing would be done with some sort of ip route <network>command. None of which you have access to at a home router gui. He would also need to know the ip address range from which he was being attacked.

Source: studying to become a network engineer.

Actually this is not true.
You can obtain the IP/MAC info in the “Logs” Area of the network.
All you have to do is know how to log in, identify the spam (which is straight forward) and then blackhole it via cmd prompt.

Black holing something is not hard, but its tricky at time (not to hit the wrong stuff) not hat its hard to remove it, just can be touchy at times (thats the real down fall to it).

There is a new company that is working on being a new technology, that uses cloud to fish out DDOSING. Its expensive for the average person (i think another 80$ a month) but its capable at current of removing 76% Of the ddosing attacks.

Im sure they can get rid of these little kiddies and their games with that tech (if you have the money for it). Other wise black holing and similar approaches are needed.

Right, I never said he couldn’t, but that is still beyond most people. Edit …windows cmd level? Wouldn’t do anything.

A blackhole is just a catchy phrase for a null route.

I am pretty sure you are confused. Doing it at that level (your pc) would not prevent your router from suffering a DDoS. It might protect your computer but not your ISP connection. It would basically be a firewall.

Blackholing is usually done on an ISP level, or at least as far upstream as possible (on a router) to keep the noise out of your network. It just makes no sense doing it on your own computer. Or doing it on a one router LAN.

It is also not a very optimal protection because the DDoSer can just change the networks from which he is attacking from.

I would love to hear these cmd windows commands that will prevent DDoS though.

Unless you are thinking of telnet or ssh into router, but the vast majority of home routers are not capable. (as you can run telnet through cmd and enter a router CLI for those that are capable)

Call your ISP and request a new IP

Install wireshark, it breaks down packets so you can see mac address / ip address info

when you think you’re having a ddos pull up cmd type netstat -a to see which process ID sessions are pointing to which IP address, what firewall are you using?

“Guild Wars 2 requires TCP ports 80, 443, and 6112 to be fully unrestricted and accessible, both inbound and outbound.”

Monitor your firewall via web browser or console and see which ip’s are accessing which ports at a high demanding rate, pull up cmd and “tracert” to see which routers the high demanding ip address is coming from.