How to prevent a DDoS, specifically in regards to the wonderful program known as Skype

As of recently, there’s been a lot of buzz in the streaming world about DDoSing. I’ve had several (15+) people approach me via Skype/e-mail asking me how to deal with attacks. It’s only natural that, as streaming has exploded in popularity, attention-seeking teenagers would try to find new ways to get their kicks.

To start, what exactly is DDoSing? It’s easy enough to google a definition, but here’s what is happening in layman’s terms: a person is using a large number of computers (usually referred to as a botnet) to flood your connection so that no “useful data” (in the case of playing games or streaming, that would mean the data you’re sending/receiving to either the server you’re streaming on or the server that you’re playing your game on) is able to make it to your modem. It’s possible that you’ve unintentionally experienced this flooding yourself by running uTorrent or some other download/upload program while trying to play a game, only to find that everything is too laggy to play properly.

DDoSing has no effect on the actual system itself; it only affects your internet connection. It is impossible to mitigate a DDoS using any kind of modem or router: by the time the flood has reached your modem or router, it is too late. I’ve heard people make the claim that a router or modem can somehow “ignore” certain IPs for a DDoS attack, but that’s the equivalent of trying to prevent someone from choking by installing a food incinerator in their stomach. If your esophagus (your line) is already full of food, no amount of “filtering” at the router/modem level (your stomach) will keep you from choking. The only way to actually mitigate a DDoS starts at the mouth (ISP) level. Seeing as most of us don’t have access to our ISPs (unless maybe you own an expensive business line or something), this kind of filtering is out of reach for us. Regardless of how expensive or effective your router is at filtering “bad data”, if that bad data is clogging your line before it ever reaches your modem, there’s nothing you can do to prevent your network from being slowed to a crawl.

Who or What is a DDoSer?

A lot of people on forums refer to DDoSers as hackers, anonymous members, FBI terrorists etc…etc…etc… While it is possible that some people who DDoS are experienced members of any particular hacking community, the large majority of kids who get into this stuff have absolutely no idea what they’re doing.  They simply pay a monthly fee to any number of websites that allow you to “direct” their botnet (a large swarm of infected computers) to flood out a connection. It’s pretty easy to tell if the person attacking your connection belongs to this group of people because the websites they use generally won’t allow them to sustain any DDoS attacks for greater than 90 seconds.

Basically, the only thing that a person needs to launch these attacks is an allowance from their negligent parents and your IP address.  How do they get your IP address?  That’s where our wonderful program Skype comes in!

How to Mask Your IP on Skype, or, Why is Skype Such a Piece of Shit Program?

If you’re just looking to get Skype working and you could give a fuck less about the technical mumbo jumbo, or the reasoning for why things work the way they do, here’s a step by step guide.

WARNING: This will cost you an enormous amount of money (approx. $5 USD/month for an SSH tunnel), proceed at your own discretion.

Setting up a Socks Server via Putty

1. Download Putty

2. Unfortunately, this is where a little bit of work comes in for you.  You have to purchase a VPS (Virtual Private Server) that you can use to route your traffic through, preferably one with DDoS protection, and one that supports SSH Tunneling. After some searching around, I recommend sh3llz.net. The SSH Tunneling option is the one we want.

3. Enter the information of your VPS into Putty, as shown here. Port 22 is standard for SSH.

4. Expand “Connection”, then “SSH”, then “Tunnels”, and then add “8080” to where it says “Source port”, then check the “Dynamic” bubble below. It should look like this. Once you’ve entered this information, push “Add”, and then D8080 should show up in the white box.

5. Once you’ve finished this, return to the Session menu, enter whatever name you’d like in the “Saved Sessions” box, and click “Save”.

6. Now click “Open” on Putty. A black box should come up prompting you for a user name/password, which will vary based on the service you set up. You might have to click “Accept” or “Okay” on another box that comes up first; this is normal.

Congratulations, now you’re connected to your VPS via SSH tunneling. You’re able to share this with as many people as you’d like, too, as long as you don’t go over your monthly bandwidth. Skype conversations don’t require very much bandwidth, but I’d recommend staying away from video calling or screen sharing, as that could eat up your bandwidth rather quickly.

Forcing Skype to Use a Proxy

1. Download Widecap (http://widecap.ru/en/download/)

2. Install from the “set-up.exe”.

3. Run the program and a wonderful fun box will pop up. Under “Proxies”, click “New Proxy”, and enter 127.0.0.1:8080 for the Server:Port box, select the bubble next to “Socks v5”, and for “Chain” you can simply leave it as “Unused”. It should look like this.

4. After you’ve set this up, click “View Programs”.  You now need to find where Skype is installed on your computer, then click and drag “Skype.exe” into this white box. It should look like this, though it may vary based on where you’ve installed Skype. The important part is the “Skype.exe” at the end. Be careful not to simply click/drag a shortcut into here, but the actual .exe itself.

5. Right click on the Skype entry you’ve created within Widecap, and click “Modify Application”.

6. Click “Create new…” next to the empty “Rule Name” box.

7. In the next box that comes up, click the “Chain” tab. There should be a drop down menu under the words “Proxy chain to be used:”, select “Unused” from that drop down menu.  Your proxy should pop up with a check mark next to it. It should look like this. Click “OK” at the bottom.

8. Under “Rule name”, it should now say “New rule #1”. Press “OK” at the bottom. Now restart Skype, and it should be running through your VPS!

Ensuring Your IP Remains Hidden

I would enter the Skype options and set it so that Skype does not automatically start whenever your computer turns on. If it does, you run the risk of connecting to Skype before you’ve started Widecap, which would reveal your IP to anyone who’s searching for it. There’s also a settings option in Widecap that allows it to start at system start-up. If you follow these two rules, the worst case scenario if you forget about your proxy is that you will try to start Skype and nothing will happen. After you manually start Skype, it won’t connect to the internet. This means that you’ve forgotten to load up Putty and connect to your VPS! Having Widecap start with your system while preventing Skype from doing so ensures that you will never again leak your IP via Skype.

I know this all seems relatively complicated, but this is the only way that I’ve found to reliably force Skype to use a proxy. I have tried using the Skype application itself to use a proxy, I’ve tried modifying registry settings, I’ve tried messing with config files, etc…etc…In my personal experience, the only way to reliably force Skype to use a proxy is to force it with an external program.

It’s also important to note that if you’ve already been DDoS’d, it’s possible that person has a record of your IP address, in which case you need to change it. Remember, none of what we’ve gone over here will protect you from getting DDoS’d, it will only prevent a person from acquiring your IP address. If a person is able to get your IP address, the only way to prevent further DDoSing is to change it.

Other ways your IP can get leaked -

Connecting to an IRC via Quakenet’s Webchat or mIRC

Clicking on “IP-logging” links (these are websites whose sole purpose is to be clicked on by your intended target. Once clicked on, these websites will log your IP address for further use)

Displaying your IP Address on Stream (this sounds silly, but it’s possible for it to pop-up in a lot of different programs – pay attention to this stuff if you’ve been a victim of DDoSing in the past!)

Someone else on your network doing any of the above, including using a non-proxied Skype (a roommate, a friend, a family member, etc…)

If you have any questions, leave them in the comments and I’ll try to edit the above to clear up any confusion!

Technical Mumbo-Jumbo

If you’re curious about what’s actually happening here, I’ll try to explain it as best as I understand it.

Putty is being used as a Socks 5 Server on your computer. After Putty has been connected to your VPS, you have an SSH tunnel established that allows you to send/receive information from your computer via that Socks 5 server to your VPS. Using Widecap allows you to force a program (Skype, in this case, though you can really do this with any program) to use 127.0.0.1:8080 (127.0.0.1 = localhost, or, our Socks 5 server that is Putty, and 8080 is the port that we specified earlier under the SSH Tunneling properties in Putty) for all of its data transfer. What this essentially does is restrict a program to communicate only with your VPS, so all of your traffic is effectively being masked by that server.
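To make the Socks 5 exchange on 127.0.0.1:8080 concrete, here is a preflight check you could run before starting the proxied program. It is an added example, not part of the original post or of Putty/Widecap; the function names and the probe destination (example.com:443) are assumptions made for illustration.

```python
import socket
import struct

def recv_exact(sock, n):
    """Read exactly n bytes, or raise if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection early")
        buf += chunk
    return buf

def socks5_connect(sock, dest_host, dest_port):
    """Do the SOCKS5 greeting and CONNECT (RFC 1928); return the REP byte.

    REP 0 means the far end of the tunnel opened the connection for us.
    """
    # Greeting: VER=5, one method offered, METHOD=0 (no authentication).
    sock.sendall(b"\x05\x01\x00")
    if recv_exact(sock, 2) != b"\x05\x00":
        raise ConnectionError("listener is not a no-auth SOCKS5 proxy")
    # CONNECT, ATYP=3 (domain name): the far end resolves the name, not this PC.
    name = dest_host.encode("ascii")
    sock.sendall(b"\x05\x01\x00\x03" + bytes([len(name)]) + name
                 + struct.pack(">H", dest_port))
    ver, rep, _rsv, atyp = recv_exact(sock, 4)
    if ver != 5 or atyp not in (1, 3, 4):
        raise ConnectionError("malformed SOCKS5 reply")
    # Drain BND.ADDR and BND.PORT so the socket is positioned at the payload.
    addr_len = {1: 4, 4: 16}.get(atyp) or recv_exact(sock, 1)[0]
    recv_exact(sock, addr_len + 2)
    return rep

def tunnel_is_up(proxy_host="127.0.0.1", proxy_port=8080,
                 probe_host="example.com", probe_port=443, timeout=5.0):
    """True only if the local listener speaks SOCKS5 and the CONNECT succeeds."""
    try:
        with socket.create_connection((proxy_host, proxy_port),
                                      timeout=timeout) as s:
            return socks5_connect(s, probe_host, probe_port) == 0
    except (OSError, ValueError):
        return False

if __name__ == "__main__":
    # Assumed usage: run before starting the proxied program; a non-zero exit
    # code means the tunnel on 127.0.0.1:8080 is not usable yet.
    raise SystemExit(0 if tunnel_is_up() else 1)
```

A failed check corresponds to the "Skype starts but won't connect" situation described above: Putty is not running or the SSH session has dropped.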

46 Responses

  1. Herp says:

    Fourth

  2. Lagging Beam says:

    so you say that any advanced router/modem with aggressive type DoS protection is useless?

    • destinyadmin says:

      Yes, 100% useless.

      • Lagging Beam says:

        like how – we aren’t talking about leaked IP (it’s not DoS obvious) – as far as i know using DoS protected router you basically block suspicious traffic using firewall and DoS protecting service, and the best of all – block suspicious IPs

        • Lagging Beam says:

          of course throughput will be lacking, potentially router will be a little busy watching for DoS stuff, but network will stand

          • drazak says:

            The only useful device is one in your ISP’s datacenter. There are some appliances that can stop a DDoS in its tracks, but they cost in the near 6 digits and are somewhat finicky, they also don’t help you if your connection is completely saturated. A DDoS actually does two things to “take you offline”, it usually “overloads” your router with too much throughput and causes it to continuously reset, in addition a DDoS floods your connection usually to a point even before your modem. If your connection is saturated no special modem or router will help you which is why a DDoS blocking device needs to be ISP side.

        • huehuehuehuehue says:

          Good luck trying to stop a DDoS when 100 computers are sending 1 Gigabit/second of TCP traffic your way. No kind of traffic shaping will save you. You can dick with SYN Cookies all day, it’s not going to work.

        • ice says:

          A simple DDoS or DoS attack works by flooding a node with packets. Even if your router filters these packets, they are still flooding your wire. This is why firewalls cannot protect you from those kinds of attacks.

  3. asdf says:

    Daaamn negga thats some good carpetcleaner advice!

  4. Dogger says:

    Thanks for writing this all out. I’m sure it will help a lot of streamers and dismiss a lot of guesswork about DDoS protection.

  5. medicate says:

    couldn’t you achieve the same results by paying ~12 dollars for a VPN

    see: http://i.imgur.com/IoL5f.png

  6. adf says:

    dude you should change the text color to gray instead of white, all the old school computer terminals are gray on black instead of white on black for a reason

  7. ToxicToast says:

    Shouldn’t a VPN be sufficient to stop a DoS attack?

    • Jake says:

      A vpn will be fine and is easier to set up. however, you’ll be paying $5-20/month rather than $20/year

      • Legacy says:

        yes but for those who also game on Xbox (which is ridiculously easy to get someone’s IP via Cain and Abel etc.) a VPN is really the only way to go since I don’t think you can get Xbox to mask your IP but correct me if i’m wrong. The Xbox pro gamers have been having this trouble for about 6 months now. but it’s MS fault for having such shitty security on their end.

        • zach says:

          it is beyond microsoft’s control, considering the same exact thing can happen no matter what console , actually it doesn’t even matter about the console you are using it purely relies on the internet connection and the IP address. So blaming microsoft is childish and you are probably some Apple fanatic. Maybe learning about topics before trying to point out simplistic incorrect things like that would help you in the long run.

  8. Knofle says:

    Challenge accepted

  9. Ghan_04 says:

    One thing to note. The sh3llz SSH tunneling option is shared with other people and is not meant for large amounts of bandwidth, so you really should get the DDoS protected VPS at the very least (though for such a low price I’m not sure how long they would put up with attacks before cancelling service).

    • David R. says:

      No problem that it isn’t fast if you just use it for skype text chat. If the kiddie DDOS’s your tunneled skype IP for 90 seconds or whatever, it won’t affect you in-game.

  10. Skyride says:

    Great article.

    Love the choking analogy for the line saturation problem, think I’ll steal that one!

  11. catmeowmeow says:

    Funny how you blocked me on skype after I taught you how to do this, then post it because you’re 1337.

    For people who aren’t morons, you should route widecaps via Vidalia, which is the free tor network. It works just as well and you don’t need to pay every month. Alternatively you can run Skype in a virtual machine and use a free VPN like Hotspot Shield.

    • destinyadmin says:

      I blocked you on Skype? wat?

      Also, Tor is not really reliable for Skype. If you’re connected to a shit node then your call quality will suffer.

      Running Skype in a VM is unnecessarily complicated.

  12. jakename says:

    i have a smoothwall router (homemade) and i was recently DDoSed. the “router” was able to log all the ip addresses connecting to my network, sent screenshots of the attackers to my ISP and even looked up the IP’s and called the hosting companies to attempt to track this guy down (he’s using proxies). yes, my internet did suffer, but the smoothwall computer was able to at least give me good information. i would recommend it to anyone who has a spare PC and has a little linux or google researching knowledge.

  13. Steven says:

    Sorry to skew away from the topic a little bit, but whatever happened to the judge judy case? Was it filmed and simply not aired yet? Can we get some kinda update on that?

    • Trax says:

      Steven was approved for Judge Judy, but he didn’t want to go into the case because both parties would get money for it.

  14. Marcus says:

    U ARE MY HERO BRO

  15. Kaitology says:

    You are incorrect, it IS possible to mitigate a (D)DoS attack using correct filters.

    There are multiple ways to deny service and clogging bandwidth is only one of them.

    For example: you use a botnet to massively start the search function on a forum and the forum will be useless. Why? The search will be using all its resources to perform the search so none is left to display a thread to a regular user.

    Most DDoS attacks nowadays spoof the return ID and that’s where it usually goes wrong. You filter those and you could be up & running again.

    • pytte says:

      Wrong, DDoS’ers who kill streamers do nothing but spam their internet connection until they disconnect from everything (Which let’s face it won’t be over 50Mbit unless they live in Sweden)

  16. bobobob says:

    The contrast of the background and the text is terrible. Please consider changing it.

  17. Jordan says:

    It’s funny how the submitter of this post is internally hurt and attempts to rag on ddosing kids. I liked the information you posted, but could’ve done without your shitty opinion on the ddosers themselves.

  20. yawn says:

    Or you could simply stop using insecure programs like skype…

  21. angel says:

    skype wont log after that

  22. angel says:

    some1 tell me i followed all the steps and now skype wont connect

  23. James Larbo says:

    I agree with ICE. I deal with DDoS attacks daily for about 5 years. I recommend buying a DDoS protected VPN, which I can provide. I will say depending on the attack my VPN might help. I will say my VPN does not protect from layer 4 DDoS attack aka SSYN. Email me for more info. udptech@aol.com
