DDoS explanation and protection


Sevaara


Senior Member

28-03-2013

Dear League of Legends community,

Something grabbed my attention recently. It is something that has been occurring consistently in online gaming for some time now and it is an issue that needs addressing immediately. I am in fact talking about DoS attacks (Denial of Service). League of Legends has not seen many DDoS attacks but with the rise in cybercrime and the law enforcement not being able to track the minor offences, DDoS attacks are increasing daily. Some of you may have seen an article 1-2 weeks ago involving Hexo, team manager of GGU (Good Game University) who has allegedly been using this method to gain an advantage over his opponents.

For those of you who do not know what a DDoS attack is, I have prepared a quick explanation to help you understand how a DDoS works and the damage it causes not only to gamers but to major companies around the globe.

Explanation ( http://i.imgur.com/zX2ToPT.png )

DDoS
First of all, you have what we refer to as a master/handle (a) who commands the attack from their PC. In order to carry out a successful and powerful DDoS attack they need to establish a botnet and populate it with ‘zombies’ or ‘bots’. The most common way of populating a botnet is to distribute a Trojan which allows the attacker to then use your computer in future attacks. Once the botnet is populated, the attacker then chooses a victim and the only thing they need is their victim’s IP address. For a DDoS attack, the main targets will be servers although they can carry out a DDoS on a home network. The IP of a home network is most commonly obtained via Skype (ignore all those Youtube videos about people obtaining IP addresses through the hacked version of Skype, it was patched). Any traffic monitoring program is capable of capturing the victim’s IP address with the use of Skype (I’m not going to explain how; I don’t want to encourage or condone the use of DDoSing within this community). So the attacker has populated and configured their botnet, they have obtained the victim’s IP address, now what? The command is given. The attacker sends the command to the botnet (essentially a database of infected PCs to use at their disposal), the infected PCs then respond to the attacker’s command and begin to send endless packets of data to the victim’s IP address. This slows the victim’s connection until it gradually comes to a halt. Obviously the time it takes to completely kill the connection varies depending on what speed the victim is currently on and how strong the attacker’s botnet is.

DoS
This is the attack used mostly against home networks due to the lack of power it puts out, a DoS is essentially the same as a DDoS but without the botnet. The attacker will use a piece of software that will overload a router with packets until the connection crashes. The difference between a DoS and a DDoS is simply the botnet, the botnet provides a ridiculous amount of power and therefore those resources are mostly put to use against servers/websites rather than home networks.

Why should you listen to me?
I’m currently studying Computing Networking and Security at one of the best computing specialised Universities in England. I’m also studying to be a certified ethical hacker. I've also helped Zilea (Paladin, World of Warcraft, former Blizzcon world championship winner) against a DoS attacker. Not only did I help him to protect himself from DoS attacks, I also tracked the attacker and reported them to the police (I have experience in this kind of thing).

Precautionary measures
Basically, you need to read this if you are streaming your games because you are a primary target due to the easily obtainable IP address. First of all, do NOT give out your Skype, that will leave you susceptible to a DDoS attack. If you are not using this program already, I suggest you download it. Stream Privacy allows you to hide certain applications from appearing on stream and as a result, your Skype name will be unobtainable by the hacker.

Stream Privacy: http://www.teamliquid.net/forum/view...opic_id=225200

If you are currently being harassed and attacked by a DDoS, reset your router/modem and hope to god you have a dynamic IP address. Once your router/modem has reset, make sure your IP address has changed and then install Stream Privacy. If you do not stream and you are being harassed and attacked by DDoSers then I suggest you do a full scan of your PC and if you have the patience, a clean install of your OS. Also, clear out your Skype contact list for any suspected attackers. If you still find yourself under attack, you may want to consider a VPN service. I personally have not used a VPN service in the UK so I can’t recommend any at this time but for a small fee, you will be able to register for a reliable VPN service.

Also, DO NOT MAKE YOUR IN-GAME LOL NAME THE SAME AS YOUR SKYPE NAME.


If anybody has any questions, feel free to ask!

EDIT: Just adding a little bit more information.

Your IP address can be obtained by anybody via any VoIP or P2P program. For example, Skype, MSN, Aim, IRC etc.

DDoS in the media
Recently, there was a DDoS attack on Spamhaus labeled the biggest DDoS attack in history (reaching 300GB/s), at one point slowing down major internet services such as Netflix. Here's a few articles to learn more;
Spamhaus attack article 1: http://www.computerworld.com/s/artic...2&pageNumber=1
Spamhaus attack article 2: http://www.informationweek.com/secur...0151895?pgno=1
Spamhaus attack article 3: http://arstechnica.com/security/2013...eatening-size/
Spamhaus attack article 4: http://arstechnica.com/security/2013...spamhaus-ddos/
Spamhaus attack article 5: http://arstechnica.com/information-t...s-destruction/

American Express attack article 1: http://motherboard.vice.com/blog/a-d...k-down-amexcom
American Express attack article 2: http://www.benzinga.com/news/13/03/3...ing-dos-attack

Wells Fargo Bank attack article 1: http://www.scmagazine.com/wells-farg...rticle/286573/

These attacks were in the past week, several more attacks have been carried out this week and although these are attacks on servers and websites, the same method is applied to attacking a home network and if you spend 10 minutes researching DDoS attacks, you'll see that it is on the rise.


Unrelated sort of.

A couple of people are arguing about white hats, grey hats and black hats and whether they are in the right or not. I'm just going to summarize what each one does for you;

White Hat
White hats are the good guys, the ethical hackers who use their hacking skills for defensive purposes. White-hat hackers are usually security professionals with knowledge of hacking and the hacker toolset and who use this knowledge to locate weaknesses and implement countermeasures. White-hat hackers are prime candidates for the exam. White hats are those who hack with permission from the data owner. It is critical to get permission prior to beginning any hacking activity. This is what makes a security professional a white hat versus a malicious hacker who cannot be trusted.

Gray Hat
Gray hats are hackers who may work offensively or defensively; depending on the situation. This is the dividing line between hacker and cracker. Gray-hat hackers may just be interested in hacking tools and technologies and are not malicious black hats. Gray hats are self-proclaimed ethical hackers, who are interested in hacker tools mostly from a curiosity standpoint. They may want to highlight security problems in a system or educate victims so they secure their systems properly. These hackers are doing their "victims" a favor. For instance, if a weakness is discovered in a service offered by an investment bank, the hacker is doing the bank a favor by giving the bank a chance to rectify the vulnerability.

Black Hat
Black hats are the bad guys: the malicious hackers or crackers who use their skills for illegal or malicious purposes. They break into or otherwise violate the system integrity of remote systems, with malicious intent. Having gained unauthorized access, black-hat hackers destroy vital data, deny legitimate users service, and just cause problems for their targets. Black-hat hackers and crackers can easily be differentiated from white-hat hackers because their actions are malicious. This is the traditional definition of a hacker and what most people consider a hacker to be.

Quoted word for word from "CEH: Certified Ethical Hackers Study Guide" written by Kimberly Graves, Chapter 1, Page 4.


Quote:
Originally Posted by CyCl0pS
Stream Privacy has nothing to do with DDoS attacks for real. You can use Stream Privacy to hide some windows from the stream and nothing more.

So unless the OP explains how he thinks that Stream Privacy helps with DDoS, that topic is ****!

Read it properly. DoS attacks happen a lot to streamers because you can easily obtain an IP address through Skype. When I see a Skype window on a stream and their Skype name is clearly visible, I can grab their IP within a minute or less. Stream Privacy means your Skype window is hidden from Stream viewers at all times. That's why, read thoroughly before calling my topic ****.

CloudFlare
"CloudFlare protects and accelerates any website online. Once your website is a part of the CloudFlare community, its web traffic is routed through our intelligent global network. We automatically optimize the delivery of your web pages so your visitors get the fastest page load times and best performance. We also block threats and limit abusive bots and crawlers from wasting your bandwidth and server resources. The result: CloudFlare-powered websites see a significant improvement in performance and a decrease in spam and other attacks.

CloudFlare's system gets faster and smarter as our community of users grows larger. We have designed the system to scale with our goal in mind: helping power and protect the entire Internet.

CloudFlare can be used by anyone with a website and their own domain, regardless of your choice in platform. From start to finish, setup takes most website owners less than 5 minutes. Adding your website requires only a simple change to your domain's DNS settings. There is no hardware or software to install or maintain and you do not need to change any of your site's existing code. If you are ever unhappy you can turn CloudFlare off as easily as you turned it on. Our core service is free and we offer enhanced services for websites who need extra features like real time reporting or SSL."


A month or so ago a huge DDoS attack took place reaching 300GB/s whereas the average DDoS attack only reaches 50GB/s, CloudFlare helped companies defend against this massive attack and as a result the site stayed online. CloudFlare can be quite pricey and are necessarily used for company sites and servers so if you do own a company, I suggest opening an account. They also protect against other spam attacks such as SQL Injections which I will not go into at this time.

https://www.cloudflare.com

Update: Destiny's guide

I found Destiny's guide and it covers what I cover with some more in-depth information, such as forcing Skype to use a proxy, which I'll paste here.

Forcing Skype to Use a Proxy

1. Download Widecap (http://widecap.ru/en/download/)

2. Install from the “set-up.exe”.

3. Run the program and a wonderful fun box will pop up. Under “Proxies”, click “New Proxy”, and enter 127.0.0.1:8080 for the Server:Port box, select the bubble next to “Socks v5”, and for “Chain” you can simply leave it as “Unused”. It should look like this.

4. After you’ve set this up, click “View Programs”. You now need to find where Skype is installed on your computer, then click and drag “Skype.exe” into this white box. It should look like this, though it may vary based on where you’ve installed Skype. The important part is the “Skype.exe” at the end. Be careful not to simply click/drag a shortcut into here, but the actual .exe itself.

5. Right click on the Skype entry you’ve created within Widecap, and click “Modify Application”.

6. Click “Create new…” next to the empty “Rule Name” box.

7. In the next box that comes up, click the “Chain” tab. There should be a drop down menu under the words “Proxy chain to be used:”, select “Unused” from that drop down menu. Your proxy should pop up with a check mark next to it. It should look like this. Click “OK” at the bottom.

8. Under “Rule name”, it should now say “New rule #1”. Press “OK” at the bottom. Now restart Skype, and it should be running through your VPS!


Credit to Destiny for the Skype proxy instructions.
http://www.destinysc2.com/how-to-pre...nown-as-skype/
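
An added example, not part of the original post or of Destiny's guide: one way to check the result of the proxy steps above is to confirm that every established TCP connection owned by Skype.exe ends at the local proxy (127.0.0.1:8080). The `netstat -ano` text below is constructed sample data; PID 4321 standing in for Skype.exe, the addresses, and the function names are assumptions.

```python
import ipaddress

PROXY = ("127.0.0.1", 8080)  # Server:Port value entered in step 3

# Constructed sample in the column layout of Windows `netstat -ano`.
# PID 4321 stands in for Skype.exe; all addresses are made up.
SAMPLE = """\
  Proto  Local Address        Foreign Address      State         PID
  TCP    127.0.0.1:50110      127.0.0.1:8080       ESTABLISHED   4321
  TCP    192.168.1.10:50123   203.0.113.25:443     ESTABLISHED   4321
  TCP    192.168.1.10:50200   198.51.100.7:80      ESTABLISHED   9999
  TCP    0.0.0.0:443          0.0.0.0:0            LISTENING     4321
  UDP    0.0.0.0:34567        *:*                                4321
  UDP    127.0.0.1:1900       *:*                                4321
"""

def split_endpoint(text):
    """Split 'host:port' (or '[v6]:port') at the last colon."""
    host, _, port = text.rpartition(":")
    return host.strip("[]"), port

def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # '*', scoped IPv6, hostnames
        return False

def audit(netstat_text, pid, proxy=PROXY):
    """Return (direct_tcp, open_udp) for one PID.

    direct_tcp: remote endpoints of ESTABLISHED TCP connections that do
                not go to the proxy, i.e. peers that see the real IP.
    open_udp:   UDP sockets bound to a non-loopback address; netstat
                cannot show their peers, so they need a closer look.
    """
    direct_tcp, open_udp = [], []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP") or f[-1] != str(pid):
            continue
        if f[0] == "UDP":
            if not is_loopback(split_endpoint(f[1])[0]):
                open_udp.append(f[1])
        elif f[3] == "ESTABLISHED":
            host, port = split_endpoint(f[2])
            if (host, int(port)) != proxy:
                direct_tcp.append(f[2])
    return direct_tcp, open_udp

if __name__ == "__main__":
    tcp, udp = audit(SAMPLE, 4321)
    print("direct TCP peers:", tcp)
    print("non-loopback UDP sockets:", udp)
```

An empty first list means no TCP peer of that process sees the machine's real address; anything in either list is traffic the proxy rule is not covering.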



Pähkinänsärkijä

Senior Member

28-03-2013

I just came to +1 you, always nice to see people help others on their free time asking nothing in exchange



DeLivered

Member

28-03-2013

Quote:
Originally Posted by Pähkinänsärkijä View Post
I just came to +1 you, always nice to see people help others on their free time asking nothing in exchange

Likewise +1



Aapalahti


Senior Member

28-03-2013

+1 hopefully this helps



Sevaara


Senior Member

29-03-2013

bump



GCravinho

Senior Member

29-03-2013

Thank you, nice help! +1



Entenzwerg


Senior Member

29-03-2013

Quote:
If you are currently being harassed and attacked by a DDoS, reset your router/modem and hope to god you have a dynamic IP address.

You can easily check this (if you don't know) by going to a site which shows your IP (obviously not on stream, chaox!) before and after the reset (for me it takes ~10 minutes to get a new IP - stupid router doesn't let me reset it without hard resets)

The mentioning with Stream Privacy etc. only works if you 100% trust anyone with your Skype name, your Skype name is not searchable (no same/similar names, no known email addresses etc.) + don't accidentally leak your Skype... ever.
All it takes to get the IP is the Skype name.
What you can do (besides using VPN or proxies; no, just using a proxy in Skype doesn't work - you have to do more) is: shut off Skype and reset your IP every time you stream. Only shutting off Skype doesn't work; you can still get the IP through an offline Skype.

Yep, Skype sucks. (You can also get the IP through IRC but that is way easier to prevent.)



Sevaara


Senior Member

29-03-2013

Quote:
Originally Posted by Entenzwerg View Post
You can easily check this (if you don't know) by going to a site which shows your IP (obviously not on stream, chaox!) before and after the reset (for me it takes ~10 minutes to get a new IP - stupid router doesn't let me reset it without hard resets)

The mentioning with Stream Privacy etc. only works if you 100% trust anyone with your Skype name, your Skype name is not searchable (no same/similar names, no known email addresses etc.) + don't accidentally leak your Skype... ever.
All it takes to get the IP is the Skype name.
What you can do (besides using VPN or proxies; no, just using a proxy in Skype doesn't work - you have to do more) is: shut off Skype and reset your IP every time you stream. Only shutting off Skype doesn't work; you can still get the IP through an offline Skype.

Yep, Skype sucks. (You can also get the IP through IRC but that is way easier to prevent.)

Of course, the majority of broadband customers should actually have a dynamic IP but you do occasionally see the odd static IP which sucks.



Sevaara


Senior Member

29-03-2013

Updated a bit, I wrote this guide when I was pretty damn tired and may have caused a bit of confusion with DDoS and DoS, added another section so it's easier to understand.



BlãckWarGreymon


Senior Member

29-03-2013

Quote:
Originally Posted by Entenzwerg View Post
You can easily check this (if you don't know) by going to a site which shows your IP (obviously not on stream, chaox!) before and after the reset (for me it takes ~10 minutes to get a new IP - stupid router doesn't let me reset it without hard resets)

The mentioning with Stream Privacy etc. only works if you 100% trust anyone with your Skype name, your Skype name is not searchable (no same/similar names, no known email addresses etc.) + don't accidentally leak your Skype... ever.
All it takes to get the IP is the Skype name.
What you can do (besides using VPN or proxies; no, just using a proxy in Skype doesn't work - you have to do more) is: shut off Skype and reset your IP every time you stream. Only shutting off Skype doesn't work; you can still get the IP through an offline Skype.

Yep, Skype sucks. (You can also get the IP through IRC but that is way easier to prevent.)

Out of interest, shouldn't it be enough to just not log into Skype after having your IP reset? After all, as long as you don't connect to Skype, nobody should be able to get your actual IP from their servers.

