Cannot stop hundreds of DOS attacks (an hour) SYN Floods & many others no matter what I try. What can I do?

Halo1999

Estimable
Apr 16, 2017
5
0
4,510
Have tried over 2 dozen methods to stop this, including switching modems - but nothing is working? Is there ANY WAY that I can put an end to this? I briefly read up on utilizing a script to allow a handshake to occur and thereby putting an end to the half-handshakes that are occurring, but I wanted to reach out to the community first. Any help would be greatly appreciated!
 
Solution
From your post I infer that your ISP is Comcast - is that correct?

Try calling again and escalating the call. Try to get to someone who can help.

About the only thing that is left to do is to unplug your router for a awhile, stay offline, and hope that your ISP actually assigns you another public IP which would then be, or should be, unknown to the attacker(s).

Not using a modem or modem/router from your ISP means that they do not have to accept any responsibility for problems regarding that device.

And, being naturally cynical, it seems that your ISP has identified another way to encourage you to rent their devices.....

How are you seeing/detecting the attacks?

Can you document the nature and scope of the attacks?

Start by contacting your ISP and reporting abuse.

If someone is targeting the ISP's address for your router then the ISP should be able to see the attacks and respond as warranted.

Note the ISP's address for your router is referred to as your "Public IP" and should not be given to anyone. You can find your own public IP via online tools such as "What is my IP".

Here is a reference link with more information:

https://www.lifewire.com/what-is-private-ip-address-818382
 

Halo1999

Estimable
Apr 16, 2017
5
0
4,510


I am seeing them in my router's logs and in a product called Snort.

I have pages and pages of documents showing several hundreds of attack, which I gave to my ISP. They were very interested for days, and then the next day, I got an email that said, they were unwilling to help me since I was using a (Comcast approved) Netgear C-7000 modem/router.

I never have given out my IP to anyone, and the attacks come from hundreds of other IP addresses. It's never the same. I once saw an IP used more than once and used Whois. It traced it down to an address in the U.K. from some small subsidiary of Virgin Media. After filing an "Abuse of Internet" report with them, they believed they had found the culprit, but the attacks just kept going. Then they called me 2 days later and stated that his IP address had been spoofed to appear it was coming from him. They then told me to contact my ISP.

Again, I tried contacting them, and again, they adamantly refused to help.
 
From your post I infer that your ISP is Comcast - is that correct?

Try calling again and escalating the call. Try to get to someone who can help.

About the only thing that is left to do is to unplug your router for a awhile, stay offline, and hope that your ISP actually assigns you another public IP which would then be, or should be, unknown to the attacker(s).

Not using a modem or modem/router from your ISP means that they do not have to accept any responsibility for problems regarding that device.

And, being naturally cynical, it seems that your ISP has identified another way to encourage you to rent their devices.....

 
Solution