Slashdot Mirror


Ask Slashdot: Mitigating DoS Attacks On Home Network?

First time accepted submitter Gavrielkay writes "We seem to have attracted the attention of some less than savory types in online gaming and now find our home network relentlessly DoSed. We bought a new router that doesn't fall over quite so easily, but it still overwhelms our poor little DSL connection and prevents us from web browsing and watching Netflix occasionally. What's worse is that it seems to find us even if we change the MAC address and IP address of the router. Often the router logs IPs from Russia or Korea in these attacks (no packet logging, just a blanket 'DoS attack from...' in the log). But more often lately I've noticed the IPs trace back to Microsoft or Amazon domains. Are they spoofing those IPs? Did they sign us up for something weird there? And how do they find us with a new MAC address and IP within minutes? We're looking for a way to hide from these idiots that doesn't involve going to the Feds, although that is what our ISP suggested. Piles of money for a commercial grade router is out of the question. We are running antivirus and anti-malware programs and haven't seen any evidence of hacked computers so far."

4 of 319 comments

  1. Re:What evidence do you have that you're being DoS by Leroy Brown · Score: 5, Interesting

    Ditto.

    My next question is: is his machine compromised and part of a botnet? I.e., is he the one doing the DoSing, and his router is falling over as a result?

  2. Cloud providers... by ayjay29 · Score: 4, Interesting

    Hi,

    >> I've noticed the IPs trace back to Microsoft or Amazon domains

    This is probably stuff running on VMs in Amazon or Azure cloud services. Users can create VMs with insecure passwords and they are often the target of attacks.

    --
    Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated up.

  3. Re:What evidence do you have that you're being DoS by next_ghost · Score: 4, Interesting

    The DSL router itself could be compromised as well. I'd start by booting up a Linux live CD, disconnecting everything else from the network and changing the external IP address again. Then I'd wait to see if they find you again. If they don't, start plugging everything back one device at a time, again checking if they find you after plugging the last device in.

  4. Re:What evidence do you have that you're being DoS by dills · Score: 4, Interesting

    This is not a DoS attack. Look at how infrequent the packets are...it's essentially background noise that every IP address will see.

    This feels like 2002 all over again, when people had host-based firewalls and would freak out any time they got hit with a port scan, not really understanding what they were looking at.