• How do you block or "filter" a DDoS attack for a home network?
Through a physical firewall? I'm not sure. I know a lot about these attacks and would like to know how to block one on my network. I have a few game servers running on a dedicated server within my home. I know what you're thinking, shit internet. That's not the case. Hosting these servers myself makes me susceptible to these kinds of attacks. What would I need to buy to simply block them, or is there even anything?
I'm pretty sure there are some freeware firewalls out there that are trained to block overflows, but obviously only on your computer/server.
RioRey RX1810, dunno how much the thing cost.
Honestly, you can't. The weakest link in your network is almost certainly your connection to your ISP. That's the line that will be clogged first. No matter how good your firewall is, unless it's on the other side of that connection, it can't stop it. That's not to say a firewall is useless - it's not. However, stopping a DDOS isn't really possible. Your only defense is to have a faster, bigger connection than whoever's attacking you can fill. That said, I think you're worrying too much. Nobody's going to DDOS your little game server.
You can always change your IP, and you can try setting up a firewall on a spare computer, like Smoothwall.
You could report the offender to the police... Provided you keep a log of the time, they may be able to track who had that address at that specific time and hopefully locate them. That is, unless they use a proxy, which is most likely. In which case you could follow up with the proxy provider, but then by that time the DDOS would have ended and there would be little point.
Most of the time game servers are DoS'd, it's just an angry, banned 12 year old. Take the server down for 10 min after you see the DoS, they think they succeeded, turn it back on and keep playing.
[QUOTE=robmaister12;29026533]Most of the time game servers are DoS'd, it's just an angry, banned 12 year old. Take the server down for 10 min after you see the DoS, they think they succeeded, turn it back on and keep playing.[/QUOTE] this
Actually, I just remembered an article saying that a firewall will actually make DDoS attacks [i]worse[/i] for you. The article is [url=http://www.itworld.com/security/135495/ddos-attacks-made-worse-firewalls-report-finds]here[/url], with discussion [url=http://it.slashdot.org/story/11/02/01/181200/Firewalls-Make-DDoS-Attacks-Worse]here[/url]. Of course, it's probably still good to have a firewall if you're using public IP space (if you're behind a NAT, you should be OK with just the OS's firewall). A firewall just isn't going to do anything to stop a DDoS - it's not designed to, and it probably isn't positioned to. Unfortunately, having done some research, it seems that the DDoS is effectively unblockable. The only defense is to have more brute-strength bandwidth than your attackers. Unless you're a particularly big company, or have particularly pathetic enemies (try pissing off the Amish :D), you can't stop a DDoS, only endure it.
Thanks for the replies. I'm concerned because I know a community of hackers that can easily get a real DDoS program, and it is effective. Even I can go get the program now. @robmaister12 I wouldn't be able to take the server down because my network would already be flooded
[QUOTE=alphaspida;29027212]Thanks for the replies. I'm concerned because I know a community of hackers that can easily get a real DDoS program, and it is effective. Even I can go get the program now. @robmaister12 I wouldn't be able to take the server down because my network would already be flooded[/QUOTE] That doesn't make sense, if it's on your network you can turn it off, if it's on another network, your network won't be affected since they'll be attacking the server - then I guess I can see that not working if you can't connect to the server to turn it off.
[QUOTE=alphaspida;29027212]Thanks for the replies. I'm concerned because I know a community of hackers that can easily get a real DDoS program, and it is effective. Even I can go get the program now. @robmaister12 I wouldn't be able to take the server down because my network would already be flooded[/QUOTE] DDoS programs are ludicrously simple to find. Hell, you can do it with the basic ping command, at least on Linux. As I've said, a DDoS will only take out whatever connection in the network is smallest. In your situation, I guarantee you that it's the connection between your router and your ISP. Thus, you will still be able to log into your server over the LAN and temporarily take it down. Hell, you might even be able to play a LAN game on it while the DDoS is going on - I know I'd be able to on my home network, with its 100-megabit Ethernet and 20-megabit-on-a-good-day Internet.
It really depends on what type of attack the DDoS uses. If you are paranoid, invest in a SPI firewall
[QUOTE=alphaspida;29027212]Thanks for the replies. I'm concerned because I know a community of hackers that can easily get a real DDoS program, and it is effective. Even I can go get the program now. @robmaister12 I wouldn't be able to take the server down because my network would already be flooded[/QUOTE] you know that wire that goes from the back of your modem to the internet line coming into the house (whether that's a coax cable or your phone line or whatever)? yeah, just unplug it for 10 minutes. LAN will still be operational, everyone trying to DDoS you will see your server as down. And a "community of hackers that can easily get a real DDoS program" will have no reason to target you, unless they're all 12 and you banned them all. Everyone else should be mature enough to deal with it.
If it's possible, get a second IP address, if the main IP is DoSed, then just move to the 2nd.
[QUOTE=gman003-main;29027279]DDoS programs are ludicrously simple to find. Hell, you can do it with the basic ping command, at least on Linux. As I've said, a DDoS will only take out whatever connection in the network is smallest. In your situation, I guarantee you that it's the connection between your router and your ISP. Thus, you will still be able to log into your server over the LAN and temporarily take it down. Hell, you might even be able to play a LAN game on it while the DDoS is going on - I know I'd be able to on my home network, with its 100-megabit Ethernet and 20-megabit-on-a-good-day Internet.[/QUOTE] Is it me or did one of the brainiest people in the H&S just confuse DDoS with DoS? I thought DDoS was basically an entire botnet DoS'ing you, hence the "distributed" in DDoS. :v: I could be wrong, I just woke up, so... [editline]7th April 2011[/editline] Don't hurt me. :saddowns:
You need a bot net DDoS attacking some IP to actually do something effective to someone's Computer/Server with average internet connection. Those 12-year-old kids who call themselves "hacker" just got some DDoS program and use it on you and think they're so pro hackers now and you shouldn't mess with them.
[QUOTE=TheTiger;29031835]You need a bot net DDoS attacking some IP to actually do something effective to someone's Computer/Server with average internet connection. Those 12-year-old kids who call themselves "hacker" just got some DDoS program and use it on you and think they're so pro hackers now and you shouldn't mess with them.[/QUOTE] That's why you put RATs on other PCs (e.g. the library, etc.) and rape the IP with spam xD Those kiddies probably don't even know what CMD is or TelNet. Those noobs, I can hack them anytime, easily. And real hackers use their 'own' DDoS methods/programs that they made which isn't really hard to make. Anyways, back to the OP. You can always use this option where you IP block some IPs that spam over a specific limit, it really depends on the protocol and stuff.
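The per-source limit suggested in the post above, sketched as a token bucket in Python (an added example, not part of the original thread; the rate, burst size and all addresses are constructed assumptions). It shows that such a limit throttles a single-source DoS but passes a distributed flood whose sources each stay under the threshold.

```python
from collections import defaultdict

RATE = 20.0   # assumed: sustained packets/second allowed per source IP
BURST = 40.0  # assumed: bucket depth, i.e. short bursts that are tolerated

def filter_packets(packets, rate=RATE, burst=BURST):
    """packets: (timestamp_seconds, source_ip) tuples sorted by time.
    Returns (accepted_count, {source_ip: dropped_count})."""
    tokens = defaultdict(lambda: burst)  # each new source starts with a full bucket
    last_seen = {}
    accepted = 0
    dropped = defaultdict(int)
    for ts, src in packets:
        # Refill this source's bucket for the time since its previous packet.
        elapsed = ts - last_seen.get(src, ts)
        last_seen[src] = ts
        tokens[src] = min(burst, tokens[src] + elapsed * rate)
        if tokens[src] >= 1.0:
            tokens[src] -= 1.0
            accepted += 1
        else:
            dropped[src] += 1
    return accepted, dict(dropped)

def flood(sources, pps_each, seconds):
    """Constructed traffic: every source sends pps_each evenly spaced packets/second."""
    count = int(pps_each * seconds)
    return sorted((i / pps_each, src) for src in sources for i in range(count))

def demo():
    # Single-source DoS: one address sending 1000 pps for 5 seconds.
    single = flood(["198.51.100.7"], 1000, 5)
    # Distributed flood: 500 constructed sources at 10 pps each (5000 pps total),
    # every one of them below the per-source limit.
    bots = [f"10.{i // 250}.{i % 250}.1" for i in range(500)]
    distributed = flood(bots, 10, 5)
    return filter_packets(single), filter_packets(distributed)

if __name__ == "__main__":
    (s_ok, s_drop), (d_ok, d_drop) = demo()
    print("single source: accepted", s_ok, "dropped", sum(s_drop.values()))
    print("distributed:   accepted", d_ok, "dropped", sum(d_drop.values()))
```

Packets counted as dropped here have still crossed the ISP link before reaching the filter, so a limit applied on the home side protects the game server process, not the connection's bandwidth.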
[QUOTE=garychencool;29033672]Those kiddies probably don't even know what CMD is or TelNet. Those noobs, I can hack them anytime, easily.[/QUOTE] And if you're on Windows and are weird enough to use telnet, chances are those script kiddies can hack your shit too!
A former intern was operating a bot net here at school; we have a couple of fibre lines. He had infected all the places he'd been interned at, so a couple of places. My first year Html prof found his shit in the logs and located the IP of the machine he was using in the school, his home IP, and all the IPs in the bot net. He lost his job, was convicted, and pretty much ruined his career. Fucking tard. Anyway, you can't stop DDOS; all you can do is log it and report it.
[QUOTE=moesislack;29035119]A former intern was operating a bot net here at school; we have a couple of fibre lines. He had infected all the places he'd been interned at, so a couple of places. My first year Html prof found his shit in the logs and located the IP of the machine he was using in the school, his home IP, and all the IPs in the bot net. He lost his job, was convicted, and pretty much ruined his career. Fucking tard. Anyway, you can't stop DDOS; all you can do is log it and report it.[/QUOTE] but yet again: proxies and foot-printing make it harder
A community of whatever with access to a DDoS program is called kiddies with Low-Orbit Ion Cannon. [QUOTE=garychencool;29033672]That's why you put RATs on other PCs (e.g. the library, etc.) and rape the IP with spam xD Those kiddies probably don't even know what CMD is or TelNet. Those noobs, I can hack them anytime, easily. And real hackers use their 'own' DDoS methods/programs that they made which isn't really hard to make. Anyways, back to the OP. You can always use this option where you IP block some IPs that spam over a specific limit, it really depends on the protocol and stuff.[/QUOTE] Real hackers don't DDoS game servers, because there's no point in doing that. What do you achieve by doing that? Angry kids? [editline]7th April 2011[/editline] [QUOTE=garychencool;29036165]but yet again: proxies and foot-printing make it harder[/QUOTE] This is obvious. But unless you're getting attacked by Anonymous I doubt they'll be behind the famous seven proxies.
[QUOTE=esalaka;29036313]Real hackers don't DDoS game servers, because there's no point in doing that. What do you achieve by doing that? Angry kids?[/QUOTE] I don't DDoS Game Servers, I DDoS important targets where I get paid xD
[QUOTE=esalaka;29036313]Real hackers don't DDoS[/QUOTE] fixed.
[QUOTE=alphaspida;29027212]Thanks for the replies. I'm concerned because I know a community of hackers that can easily get a real DDoS program, and it is effective. Even I can go get the program now. @robmaister12 I wouldn't be able to take the server down because my network would already be flooded[/QUOTE] A "D"DoS program? You mean a remote-control for a bot-net which then is doing a distributed denial-of-service attack? Or do you mean a simple DoS program which just goes from one PC and therefore is not a DDoS.
Sometimes, if you change the WAN MAC address on your wireless router and reboot your modem, your ISP will give you a new IP and then the DDoSers will be DDoSing nothing.
[QUOTE=SuperDuperScoot;29031620]Is it me or did one of the brainiest people in the H&S just confuse DDoS with DoS? I thought DDoS was basically an entire botnet DoS'ing you, hence the "distributed" in DDoS. :v: I could be wrong, I just woke up, so... [editline]7th April 2011[/editline] Don't hurt me. :saddowns:[/QUOTE] I believe you're right. But when we're talking about an attack in this sort of scenario, I'd hope that everyone would assume it's a DoS... most likely from the LOIC... which fucks up their connection as much as it does yours.
[QUOTE=garychencool;29036906]I don't DDoS Game Servers, I DDoS important targets where I get paid xD[/QUOTE] Somehow I doubt that EXDEE