Recently, there’s been a lot of buzz in the streaming world about DDoSing. I’ve had several (15+) people approach me via Skype/e-mail asking me how to deal with attacks. It’s only natural that, as streaming has exploded in popularity, attention-seeking teenagers would try to find new ways to get their kicks.
To start, what exactly is DDoSing? It’s easy enough to Google a definition, but here’s what is happening in layman’s terms: a person is using a large number of computers (usually referred to as a botnet) to flood your connection so that no “useful data” (in the case of playing games or streaming, that would mean the data you’re sending/receiving to either the server you’re streaming on or the server that you’re playing your game on) is able to make it to your modem. It’s possible that you’ve unintentionally experienced this flooding yourself by running uTorrent or some other download/upload program while trying to play a game and finding that everything is too laggy to play properly.
DDoSing has no effect on the actual system itself; it only affects your internet connection. It is impossible to mitigate a DDoS using any kind of modem or router: by the time the flood has reached your modem or router, it is too late. I’ve heard people make the claim that a router or modem can somehow “ignore” certain IPs for a DDoS attack, but that’s the equivalent of trying to prevent someone from choking by installing a food incinerator in their stomach. If your esophagus (your line) is already full of food, no amount of “filtering” at the router/modem level (your stomach) will keep you from choking. The only way to actually mitigate a DDoS starts at the mouth (ISP) level. Seeing as most of us don’t have access to our ISPs (unless maybe you own an expensive business line or something), this kind of filtering is out of reach for us. Regardless of how expensive or effective your router is at filtering “bad data”, if that bad data is clogging your line before it ever reaches your modem, there’s nothing you can do to prevent your network from being slowed to a crawl.
Who or What is a DDoSer?
A lot of people on forums refer to DDoSers as hackers, anonymous members, FBI terrorists, etc. While it is possible that some people who DDoS are experienced members of some hacking community, the large majority of kids who get into this stuff have absolutely no idea what they’re doing. They simply pay a monthly fee to any number of websites that allow you to “direct” their botnet (a large swarm of infected computers) to flood out a connection. It’s pretty easy to tell if the person attacking your connection belongs to this group of people because the websites they use generally won’t allow them to sustain any DDoS attack for longer than 90 seconds.
Basically, the only thing that a person needs to launch these attacks is an allowance from their negligent parents and your IP address. How do they get your IP address? That’s where our wonderful program Skype comes in!
How to Mask Your IP on Skype, or, Why is Skype Such a Piece of Shit Program?
If you’re just looking to get Skype working and you could give a fuck less about the technical mumbo jumbo, or the reasoning for why things work the way they do, here’s a step-by-step guide.
WARNING: This will cost you an enormous amount of money (approx. $5 USD/month for an SSH tunnel), proceed at your own discretion.
Setting up a Socks Server via Putty
1. Download Putty
2. Unfortunately, this is where a little bit of work comes in for you. You have to purchase a VPS (Virtual Private Server) that you can use to route your traffic through, preferably one with DDoS protection, and one that supports SSH Tunneling. After some searching around, I recommend sh3llz.net. The SSH Tunneling option is the one we want.
3. Enter the information of your VPS into Putty, as shown here. Port 22 is standard for SSH.
4. Expand “Connection”, then “SSH”, then “Tunnels”, and then add “8080” to where it says “Source port”, then check the “Dynamic” bubble below. It should look like this. Once you’ve entered this information, push “Add”, and then D8080 should show up in the white box.
5. Once you’ve finished this, return to the Session menu, enter whatever name you’d like in the “Saved Sessions” box, and click “Save”.
6. Now click “Open” on Putty. A black box should come up prompting you for a user name/password, which will vary based on the service you set up. You might have to click “Accept” or “Okay” on another box that comes up first; this is normal.
Congratulations, now you’re connected to your VPS via SSH tunneling. You’re able to share this with as many people as you’d like, too, as long as you don’t go over your monthly bandwidth. Skype conversations don’t require very much bandwidth, but I’d recommend staying away from video calling or screen sharing, as that could eat up your bandwidth rather quickly.
Forcing Skype to Use a Proxy
2. Install from the “set-up.exe”.
3. Run the program and a wonderful fun box will pop up. Under “Proxies”, click “New Proxy”, and enter 127.0.0.1:8080 for the Server:Port box, select the bubble next to “Socks v5”, and for “Chain” you can simply leave it as “Unused”. It should look like this.
4. After you’ve set this up, click “View Programs”. You now need to find where Skype is installed on your computer, then click and drag “Skype.exe” into this white box. It should look like this, though it may vary based on where you’ve installed Skype. The important part is the “Skype.exe” at the end. Be careful not to simply click/drag a shortcut into here, but the actual .exe itself.
5. Right click on the Skype entry you’ve created within Widecap, and click “Modify Application”.
6. Click “Create new…” next to the empty “Rule Name” box.
7. In the next box that comes up, click the “Chain” tab. There should be a drop down menu under the words “Proxy chain to be used:”, select “Unused” from that drop down menu. Your proxy should pop up with a check mark next to it. It should look like this. Click “OK” at the bottom.
8. Under “Rule name”, it should now say “New rule #1”. Press “OK” at the bottom. Now restart Skype, and it should be running through your VPS!
Ensuring Your IP Remains Hidden
I would enter the Skype options and set it so that Skype does not automatically start whenever your computer turns on. If it does, you run the risk of connecting to Skype before you’ve started Widecap, which would reveal your IP to anyone who’s searching for it. There’s also a settings option in Widecap that allows it to start at system start-up. If you follow these two rules, the worst case scenario if you forget about your proxy is that you will try to start Skype and nothing will happen. After you manually start Skype, it won’t connect to the internet. This means that you’ve forgotten to load up Putty and connect to your VPS! Having Widecap start with your system while preventing Skype from doing so ensures that you will never again leak your IP via Skype.
I know this all seems relatively complicated, but this is the only way that I’ve found to reliably force Skype to use a proxy. I have tried using the Skype application itself to use a proxy, I’ve tried modifying registry settings, I’ve tried messing with config files, etc. In my personal experience, the only way to reliably force Skype to use a proxy is to force it with an external program.
It’s also important to note that if you’ve already been DDoS’d, it’s possible that person has a record of your IP address, in which case you need to change it. Remember, none of what we’ve gone over here will protect you from getting DDoS’d; it will only prevent a person from acquiring your IP address. If a person is able to get your IP address, the only way to prevent further DDoSing is to change it.
Other ways your IP can get leaked:
Connecting to an IRC via Quakenet’s Webchat or mIRC
Clicking on “IP-logging” links (these are websites whose sole purpose is to be clicked on by the intended target. Once clicked on, these websites will log your IP address for further use)
Displaying your IP Address on Stream (this sounds silly, but it’s possible for it to pop-up in a lot of different programs – pay attention to this stuff if you’ve been a victim of DDoSing in the past!)
Someone else on your network doing any of the above, including using a non-proxied Skype (a roommate, a friend, a family member, etc…)
If you have any questions, leave them in the comments and I’ll try to edit the above to clear up any confusion!
If you’re curious about what’s actually happening here, I’ll try to explain it as best as I understand it.
Putty is being used as a Socks 5 server on your computer. After Putty has been connected to your VPS, you have an SSH tunnel established that allows you to send/receive information from your computer via that Socks 5 server to your VPS. Using Widecap allows you to force a program (Skype, in this case, though you can really do this with any program) to use 127.0.0.1:8080 for all of its data transfer (127.0.0.1 is localhost, where Putty is acting as our Socks 5 server, and 8080 is the port that we specified earlier under the SSH Tunneling properties in Putty). What this essentially does is restrict a program to communicate only through your VPS, so all of your traffic is effectively being masked by that server.
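A preflight check for the set-up above, as an added example that is not part of the original post: it speaks the Socks 5 handshake to 127.0.0.1:8080 and reports whether Putty’s tunnel is actually answering, which is the thing to confirm before starting Skype. The function names and the example.com destination are assumptions made for the illustration.

```python
import socket
import struct

SOCKS5, NO_AUTH, CMD_CONNECT, ATYP_DOMAIN = 0x05, 0x00, 0x01, 0x03

def build_connect_request(host, port):
    """SOCKS5 CONNECT request (RFC 1928) addressed by name, so the name is
    resolved at the far end of the tunnel rather than on the local machine."""
    name = host.encode("idna")
    return (bytes([SOCKS5, CMD_CONNECT, 0x00, ATYP_DOMAIN, len(name)])
            + name + struct.pack(">H", port))

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection early")
        buf += chunk
    return buf

def probe_tunnel(dest_host, dest_port, proxy=("127.0.0.1", 8080), timeout=5.0):
    """Return 'ok', 'proxy-down', 'not-socks5' or 'refused:<reply code>'."""
    try:
        sock = socket.create_connection(proxy, timeout=timeout)
    except OSError:
        return "proxy-down"  # nothing listening: the Putty session is not open
    with sock:
        try:
            # Greeting: version 5, one auth method offered, "no authentication".
            sock.sendall(bytes([SOCKS5, 1, NO_AUTH]))
            ver, method = _recv_exact(sock, 2)
            if ver != SOCKS5 or method != NO_AUTH:
                return "not-socks5"
            sock.sendall(build_connect_request(dest_host, dest_port))
            ver, rep, _rsv, _atyp = _recv_exact(sock, 4)
        except OSError:
            return "not-socks5"  # listener answered, but not as a SOCKS5 proxy
    # Reply code 0 means the far end (the VPS) opened the connection.
    return "ok" if ver == SOCKS5 and rep == 0 else f"refused:{rep}"

if __name__ == "__main__":
    # example.com:443 is a placeholder destination, not one named on the page.
    print(probe_tunnel("example.com", 443))
```

A result of ok only shows that the tunnel is up; whether Skype actually goes through it is still down to the Widecap rule.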