Slashdot Mirror
Ask Slashdot: Mitigating DoS Attacks On Home Network?
First time accepted submitter Gavrielkay writes "We seem to have attracted the attention of some less than savory types in online gaming and now find our home network relentlessly DoSed. We bought a new router that doesn't fall over quite so easily, but it still overwhelms our poor little DSL connection and prevents us web browsing and watching Netflix occasionally. What's worse is that it seems to find us even if we change the MAC address and IP address of the router. Often the router logs IPs from Russia or Korea in these attacks (no packet logging, just a blanket 'DoS attack from...' in the log. But more often lately I've noticed the IPs trace back to Microsoft or Amazon domains. Are they spoofing those IPs? Did they sign us up for something weird there? And how do they find us with a new MAC address and IP within minutes? We're looking for a way to hide from these idiots that doesn't involve going to the Feds, although that is what our ISP suggested. Piles of money for a commercial grade router is out of the question. We are running antivirus and anti-malware programs and haven't seen any evidence of hacked computers so far."
changing your ISP?
They said it didn't matter if they changed the IP address or MAC of the router. This means the attacker can track them across domains. They should try NOT playing the online games after changing the IP address and see if the DoS persists. Also if they are being DoS'ed then a Distributed Reflective DoS DRDoS is probably what's causing up to 5 spoofed SYN-ACK packets to be sent per single attacker's packet (SYN Amazon, spoofed target return IP, Amazon tries to complete the TCP handshake with the target). They didn't sign them up for anything, that's the nature of a reflective attack.
Coincidentally, the surefire way to protect against DRDoS is to simply use DR-DOS, to play games that have far less chance of exposing you to assholes.