
What Do you do if you are hit by a (D)DOS attack?

N/A

If a user here was hit by a DDoS attack or a DoS attack, what should they do, and will plusnet do anything to support them?

buz
9 REPLIES
N/A

What Do you do if you are hit by a (D)DOS attack?

If the attack was aimed at your hostname, you could change the rDNS. Alternatively, if it was aimed at your IP you could request that this be changed. I'm not sure if PlusNet would prioritise these changes if you explained the situation; they might, though.
N/A

What Do you do if you are hit by a (D)DOS attack?

hmm just trawling through asking the same question.

have been getting increasing alerts from my firewall of :
ICMP Flood & TCP Flood

wasn't sure if these were causing a problem as i hadn't noticed the connection drop.. but it did seem to be the cause of my woes last night.

can i clamp down my modem any more than i already have?
Community Veteran
Posts: 3,181
Thanks: 19
Fixes: 2
Registered: 31-07-2007

What Do you do if you are hit by a (D)DOS attack?

It's not a DDoS if the probes are not in the region of the hundreds if not thousands per second. As if closing some p2p apps or some p2p hosted games you can get similar results in your firewall.

But if it is a true DDoS then if your firewall has the option, enable packet logging and back tracing so you can find out more details as to the culprit. But PN aren't responsible for it, it's the ISP of the one doing it that are. But if coming from multiple IP addresses then probably from someone on IRC using bots they have gleaned with trojans, so they have everyday users' PCs to use to flood someone at will and very hard to trace the offender.
Unvalued customer since 2001 funding cheap internet for others / DSL/Fibre house move 24 month regrade from 8th May 2017
N/A

What Do you do if you are hit by a (D)DOS attack?

hmm thanks..... any chance of that in english?

i am technically minded but not in terms of computers & communications so most of that post is just a mystery to me.

What Do you do if you are hit by a (D)DOS attack?

DDoS is a volume attack of lots of little probes which mount up and flood your router or modem so it fails to cope as it has to respond to each and every one, so the hardware can't cope and loses connection after it crashes.

So unless you have been getting hundreds if not thousands of probes logged by your firewall, then it's more likely someone just scanning the IP range you are on. So unless they get a response from your firewall or router they will forget you and move on.

So it comes down to numbers, so how many probes for each entry in the firewall log have you seen? How often are they?
Unvalued customer since 2001 funding cheap internet for others / DSL/Fibre house move 24 month regrade from 8th May 2017
N/A

What Do you do if you are hit by a (D)DOS attack?

righto.... message from my modem/router (it's a netgear) is:

Quote

2004-11-14 21:22:27 - TCP Flood - Source:192.168.0.4,2258,LAN - Destination:64.91.237.2,80,WAN


looking at the log shows

Quote

Sun, 2004-11-14 21:07:11 - TCP packet dropped - Source:81.174.159.110,65535 WAN - Destination:81.174.137.82,65535 LAN - [Inbound Default rule match]
Sun, 2004-11-14 21:13:34 - UDP packet dropped - Source:64.4.12.201,65535 WAN - Destination:81.174.137.82,65535 LAN - [Inbound Default rule match]
Sun, 2004-11-14 21:17:07 - TCP packet - Source:192.168.0.4,65535 LAN - Destination:64.91.237.2,80[HTTP] WAN - [TCP Flood]
Sun, 2004-11-14 21:18:17 - TCP packet - Source:192.168.0.4,65535 LAN - Destination:64.91.237.2,80[HTTP] WAN - [TCP Flood]
Sun, 2004-11-14 21:19:29 - TCP packet - Source:192.168.0.4,65535 LAN - Destination:64.91.237.2,80[HTTP] WAN - [TCP Flood]
Sun, 2004-11-14 21:19:37 - TCP packet dropped - Source:206.24.172.7,80[HTTP] WAN - Destination:81.174.137.82,65535 LAN - [Inbound Default rule match]
Sun, 2004-11-14 21:19:38 - TCP packet dropped - Source:206.24.172.7,80[HTTP] WAN - Destination:81.174.137.82,65535 LAN - [Inbound Default rule match]
Sun, 2004-11-14 21:21:11 - TCP packet - Source:192.168.0.4,65535 LAN - Destination:64.91.237.2,80[HTTP] WAN - [TCP Flood]
Sun, 2004-11-14 21:22:27 - TCP packet - Source:192.168.0.4


again most of this means little to me.
i've googled a few sites on internet security and poked around the plusnet site but not really any the wiser.

i guess you're asking about a greater level of detail than these log entries provide... which means i need to find out how to get that out of my gateway.

thanks for your patience by the way ;)

What Do you do if you are hit by a (D)DOS attack?

Looks like it's the SPI aka Stateful Packet Inspection option in your firewall giving false positives

Quote
Sun, 2004-11-14 21:17:07 - TCP packet - Source:192.168.0.4,65535 LAN - Destination:64.91.237.2,80[HTTP] WAN - [TCP Flood]


Source:192.168.0.4 that is a pc on your lan which is trying to talk to bender.servercorp.com

Quote
Sun, 2004-11-14 21:13:34 - UDP packet dropped - Source:64.4.12.201


Source:64.4.12.201 = echo-v2.msgr.hotmail.com

So that is a hotmail address, so do you use MSN? If so, the SPI settings on your firewall aren't working properly with it, so a false reading.

But unless you are getting hundreds of these then there is nothing to worry about. But if you use MSN / IRC / Telnet and get random lost connections with them or stale connections I would say you're better not using the SPI option of the router's firewall.
Unvalued customer since 2001 funding cheap internet for others / DSL/Fibre house move 24 month regrade from 8th May 2017
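The "how many, how often, from where" check discussed in this thread can be done mechanically on the router log. The following is an added example, not part of any post: it parses the complete entries from the log posted above (each joined onto one line) and reports count and average rate per source. The 100-per-second threshold is an assumption standing in for the "hundreds if not thousands per second" rule of thumb given earlier in the thread.

```python
import re
from collections import defaultdict
from datetime import datetime

# Complete entries from the log posted in this thread, one entry per line.
SAMPLE_LOG = """\
Sun, 2004-11-14 21:07:11 - TCP packet dropped - Source:81.174.159.110,65535 WAN - Destination:81.174.137.82,65535 LAN - [Inbound Default rule match]
Sun, 2004-11-14 21:13:34 - UDP packet dropped - Source:64.4.12.201,65535 WAN - Destination:81.174.137.82,65535 LAN - [Inbound Default rule match]
Sun, 2004-11-14 21:17:07 - TCP packet - Source:192.168.0.4,65535 LAN - Destination:64.91.237.2,80[HTTP] WAN - [TCP Flood]
Sun, 2004-11-14 21:18:17 - TCP packet - Source:192.168.0.4,65535 LAN - Destination:64.91.237.2,80[HTTP] WAN - [TCP Flood]
Sun, 2004-11-14 21:19:29 - TCP packet - Source:192.168.0.4,65535 LAN - Destination:64.91.237.2,80[HTTP] WAN - [TCP Flood]
Sun, 2004-11-14 21:19:37 - TCP packet dropped - Source:206.24.172.7,80[HTTP] WAN - Destination:81.174.137.82,65535 LAN - [Inbound Default rule match]
Sun, 2004-11-14 21:19:38 - TCP packet dropped - Source:206.24.172.7,80[HTTP] WAN - Destination:81.174.137.82,65535 LAN - [Inbound Default rule match]
Sun, 2004-11-14 21:21:11 - TCP packet - Source:192.168.0.4,65535 LAN - Destination:64.91.237.2,80[HTTP] WAN - [TCP Flood]
"""

ENTRY = re.compile(
    r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) - (?P<event>.+?) - "
    r"Source:(?P<src>[\d.]+),\d+(?:\[\w+\])? (?P<side>LAN|WAN) - "
    r"Destination:(?P<dst>[\d.]+),\d+(?:\[\w+\])? (?:LAN|WAN) - \[(?P<rule>[^\]]+)\]"
)

def parse(log):
    """Return one dict per well-formed entry; truncated lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.search(line)
        if m:
            e = m.groupdict()
            e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%d %H:%M:%S")
            # A LAN-side source means the traffic originates inside the network.
            e["direction"] = "outbound" if e["side"] == "LAN" else "inbound"
            entries.append(e)
    return entries

def summarize(entries, flood_per_sec=100):  # threshold is an assumed value
    """Group by (direction, source, rule) and compute the average rate."""
    groups = defaultdict(list)
    for e in entries:
        groups[(e["direction"], e["src"], e["rule"])].append(e["ts"])
    report = {}
    for key, stamps in groups.items():
        span = max((max(stamps) - min(stamps)).total_seconds(), 1.0)
        rate = len(stamps) / span
        report[key] = {"count": len(stamps), "per_sec": rate, "flood": rate >= flood_per_sec}
    return report

if __name__ == "__main__":
    for key, row in sorted(summarize(parse(SAMPLE_LOG)).items()):
        print(key, row)
```

On the posted log, every "TCP Flood" entry has a LAN-side source, and no source comes near the threshold.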
N/A

What Do you do if you are hit by a (D)DOS attack?

cheers.. i'll look into it
N/A

What Do you do if you are hit by a (D)DOS attack?

If you were under a DDoS then you would have about 1000 pages of logs and no net to post on here with :p. I'm just upset that Plusnet won't try and help the user by attempting to block the traffic at the main servers :(