Questions Regarding DoS Attacks and VPN Services

Sassbogs

Honorable
Aug 2, 2013
I have been the victim of DoS, or "Denial of Service" attacks while gaming over the past year. I recently purchased a VPN service for my main rig, but wasn't sure about a few things:

1) While running, will the VPN mitigate or stop a DoS attack?

2) Will those that had attacked my IP address in the past still be able to kick me offline because they might still know my TRUE IP address?

For the record, my ISP is Comcast.

Any knowledge is greatly appreciated.
 

ddpruitt

Honorable
Jun 4, 2012
Unless you really pissed someone off I doubt you're the victim of a DOS attack, more likely you have problems with your internet connection. If you were DOSed you probably got a notice from Comcast about the huge number of connections that were sent to you. Either way a VPN does nothing to mitigate a DOS attack. A VPN simply allows secure communication between two points, it's not designed to protect from attacks designed to bring your network down. If your IP is known it can still be DOSed.
 

ahnilated

Distinguished
Nov 9, 2006
Most likely you have a DHCP lease on your IP, you could unplug your modem around when the lease is up for say 30 min. This should get you a new IP address and then IF you were DoS'd you would have a new IP.
 
Solution

Sassbogs

Honorable
Aug 2, 2013
Thanks for the suggestion, ahnilated. I actually read about that procedure this weekend and I think I will try it.

ddpruitt, let me elaborate:

I have been playing online games for more than 10 years, and I know the difference between a connection interruption and a DoS. When I do get DoS'd and lose internet access, my router and modem lights are normal, but when I look at my network activity and router logs, I had an immense amount of random traffic from random IPs that shouldn't have occurred. At the beginning of a rated match, when Skype goes robotic and everyone is running in place on my screen before I lose internet access for 10-20 minutes, I know it was a DoS; it feels a lot like using an old homemade "lag switch". In short, I can feel the difference between a DoS and a general connection failure.

And yes, I have Skype set up to "only allow direct connections to Contacts", but this didn't seem to have helped. Ever.

According to my recent experience with the VPN I now use, it does in fact assign me a public IP address other than my own. Being that it is a VPN and not just a Proxy, I can assume that any program I use, be it a game, Skype, Google Chrome, etc., will now use the "masked" IP that "IPchicken.com" or "whatsmyip" shows, instead of my true IP. Is this correct?

Expecting Comcast to care enough to contact me, a paying customer, about a possible router attack is beyond realistic. I'm not sure if you are familiar with this monopoly of an ISP. Furthermore, contacting Comcast about an IP change or DoS concerns is like going to Walmart and expecting the goofy teenager in electronics knows anything about micro dimming or contrast ratio on the TVs they sell. I just get some incompetent guy named "Jason" with a thick Indian accent who obviously just reads me a generic, unhelpful list of steps from some clipboard on how to release and renew from a command prompt, before sending me into an infinite loop of department transfers until they drop my call "accidentally".

The reason I came here with this question is that I revere Tom's Hardware for the help and expert opinion its users have given me in the past. Please do not insult my intelligence by assuming that what happened to me was not a DoS attack, because in the modern world of online gaming and VOIP programs (Skype), it is not as rare as you think.

Now, if what you say is correct about VPNs in that they do not protect from a DoS attack, then why do my friends use proxies? I did an immense amount of research on proxies and VPNs, and I came to the conclusion that a VPN is essentially a blanket proxy that protects all applications that request internet access.

Is this not true?
 

ddpruitt

Honorable
Jun 4, 2012
Normal modem lights and "Random Connections" doesn't sound much like a DoS attack. A DoS attack (well at least a properly executed one) will flood your modem with a large number of incoming connections and would cause the data light to flicker continuously, usually along a few narrow ports that are already vulnerable, where a vulnerable server is sitting. Random IPs may be a sign of a DoS but it could also be a symptom of something else. If your connection dies for only 10-20 minutes then I would suggest you have other issues as a DoS attack would either require a restart of the affected router and/or computer or would start and stop very quickly depending on the type of attack. What you're describing sounds a lot like an IP/Port configuration problem, something like two services attempting to use the same tunnel/port simultaneously.

I don't know exactly what your VPN is doing. A VPN is a point to point connection across which data transfer is secure, that's it. A VPN can be set up to only forward a few services or all services. Depending on your VPN provider the other end may or may not be secured against DoS attacks, though it would certainly be more resilient than your local connection. This however doesn't protect your actual IP address. If your IP is still known it can still be DoSed to bring it down, which in turn would bring down the VPN connection that depends on it. On the other hand VPNs forward some connections and that alone may resolve any misconfiguration issues that you may have on your router. Keep in mind your VPN may not be forwarding all of the ports, I would check to be sure what it's forwarding.

My guess is that your router is misconfigured and running both Skype and your games causes a conflict that confuses the hell out of the router and takes a while to sort out. If your connection starts borking immediately only during a Skype session or starting an online game I would assume a configuration error rather than a DoS. Remember, a DoS is a constant attack that will also disrupt mundane things like browsing and YouTube, I would be surprised if it only lasted 20 minutes at a time. Unless someone is out to get you and is looking to DoS you only when you're in a game I would rule out something malicious. Next time it happens try this: first power cycle the router (without disconnecting any wires) and reboot your computer, see if that fixes it. If not then power cycle the router while disconnecting your internet cable long enough to get a new TCP address (it might take some experimentation to figure out how long this takes). If power cycling the router fixes your internet and you have the same TCP address then it's definitely not a DoS attack.

I only suggest that Comcast would contact you if they see a large number of connections headed your way and would assume you're trying to run a commercial website and would want to charge you extra. But this would depend on Comcast actually caring which it appears that in your area they don't.
 

Sassbogs

Honorable
Aug 2, 2013
ddpruitt,

I have always had high performance routers, and my current router is the ASUS RT-AC68U, which I meticulously calibrated and have hardwired into my gaming rig. I do not think it is a problem with my router. I have used Skype to communicate with friends while playing, and out of the hundreds and hundreds of hours I have Skyped with friends while gaming, I have only experienced a DoS at the beginning of rated matches, which is the most commonly expected place for it to happen in the gaming community I play in, for obvious reasons. And yes, when this phenomenon occurs, I am unable to connect to Google, YouTube, email, etc., on any device in my home for the duration of the attack. I don't think this is a coincidence or port conflict, but I'm not here to argue with you.

You also have to remember that there are different kinds of DoS attacks, and this thread is in regards to Denial of Service attacks, not Distributed Denial of Service attacks.

Please read: http://en.wikipedia.org/wiki/Denial-of-service_attack

Alas, I have since read more about VPNs and talked to others who use VPNs to secure their own matches, Skypes, and Twitch streams, and decided that I have already been on the best course of action to resolve this annoying, illegal exploit. That being the case, I am sorry my case is hard for you to believe, and that we have different understandings of this topic.

I suppose that the only thing I can do is follow ahnilated's advice and continue to run my VPN.

Thanks for the replies, guys.
 

Beachyiow

Estimable
Jul 29, 2014
How can I tell if I was a victim of a DoS attack or just normal activity? I was playing last night, happily killing in game, when my internet kept on going down. I just thought it might be my crappy ISP provider?
However, I looked at my modem this morning and saw these:

[DSL: Down] Monday, July 28,2014 20:52:16
[DoS attack: ACK Scan] from source: 92.122.126.131:443 Monday, July 28,2014 20:52:02
[DoS attack: RST Scan] from source: 66.196.66.213:443 Monday, July 28,2014 20:51:19

There are several of them, and my internet was down, up, down, up, down, up, so much so I couldn't stay connected.
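Added example, not part of the original thread: one way to triage router log lines in the format quoted above is to count alerts per minute and check how many are ACK/RST packets arriving from source port 80 or 443, which is what a web server sends back on connections a machine inside the network opened. The regular expression is written against the three quoted lines only, and the `flood_per_minute` threshold and the `sustained_flood` rule are assumptions of this sketch, not vendor values.

```python
import re
from collections import Counter
from datetime import datetime

# The three lines quoted in the post above, used as sample input.
SAMPLE_LOG = """\
[DSL: Down] Monday, July 28,2014 20:52:16
[DoS attack: ACK Scan] from source: 92.122.126.131:443 Monday, July 28,2014 20:52:02
[DoS attack: RST Scan] from source: 66.196.66.213:443 Monday, July 28,2014 20:51:19
"""

EVENT_RE = re.compile(
    r"\[DoS attack: (?P<kind>[^\]]+)\] from source: "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+) "
    r"\w+, (?P<ts>\w+ \d{1,2},\d{4} \d{2}:\d{2}:\d{2})"
)
WEB_PORTS = {80, 443}              # source port of a web server's replies
REPLY_KINDS = {"ACK Scan", "RST Scan"}

def parse_events(log):
    """Return (timestamp, kind, source_ip, source_port) per alert line."""
    events = []
    for line in log.splitlines():
        m = EVENT_RE.search(line)
        if m:
            ts = datetime.strptime(m["ts"], "%B %d,%Y %H:%M:%S")
            events.append((ts, m["kind"].strip(), m["ip"], int(m["port"])))
    return events

def summarize(log, flood_per_minute=100):
    """Count alerts per minute and how many look like web-server replies.

    flood_per_minute is an assumed threshold, not a vendor value.
    """
    events = parse_events(log)
    per_minute = Counter(ts.replace(second=0) for ts, *_ in events)
    peak = max(per_minute.values(), default=0)
    reply_like = sum(1 for _, kind, _, port in events
                     if kind in REPLY_KINDS and port in WEB_PORTS)
    return {
        "alerts": len(events),
        "sources": len({ip for _, _, ip, _ in events}),
        "link_drops": log.count("[DSL: Down]"),
        "peak_per_minute": peak,
        "reply_like": reply_like,
        "sustained_flood": peak >= flood_per_minute and reply_like * 2 < len(events),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

On the quoted lines this reports two alerts, both reply-like and at most one per minute, so the log entries alone do not show a flood; the `[DSL: Down]` entry is counted separately because a line drop is a different event from an alert.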
 

Wile E Coyote

Estimable
Apr 24, 2014
I would recommend running a full system scan in safe mode. I ran a few tests.

And came across this info.

I ran across a virus tool and did a scan on 66.196.66.213:443

A lot of red flags popped up.

Do you have any kind of cloud service in EU Akamai Technologies?

Here is a link to run Malwarebytes in safe mode: http://filehippo.com/download_malwarebytes_anti_malware/download/b4e61afbce39d8817fa97c149f6652a8/


 

Sassbogs

Honorable
Aug 2, 2013
Sorry, I don't click on any link with "malware" in it. Call me superstitious.

I ended up using a paid proxy service for my Skype, which works wonderfully; I haven't been attacked since.

I also would recommend anyone using Skype for gaming communication to not broadcast their Skype information, and make sure to make a username that isn't easy to trace to your in-game name.

I don't think many people responding to this topic understand what a Denial of Service attack really is, so let me explain, as I have educated myself on this topic since posting on the forums:

There are two types of IP attacks: Denial of Service, and Distributed Denial of Service. The first mentioned is usually some script kiddie who used his/her mommy's credit card to buy a $5 booter program on google. These types of booters are effective, but not potent. The latter is more serious, and usually requires an accumulated amount of victim computers, known as a "botnet". In a botnet, yes, malware is involved, and the virus infects a multitude of unprotected computers which turn into minion PCs, or "zombies" which the attacker can use to form a serious, concentrated attack on a specific IP address.

What is being sent to the victim is a ton of "packets". Everything you do on the internet involves you requesting and sending packets of information. The attacker sniffs out your IP address and then uses his/her booter or botnet to literally flood your router with a ton of gibberish packets. This is known as a "synflood", and renders your internet connection useless for a varying amount of time (depending on the sophistication of the attack) because your router is unable to distinguish the fake packets from legitimate traffic. Your entire home network is unusable until the flood is over, which could last anywhere from 5 minutes to a few hours, again, depending on the severity of the attack.

How do these losers get your IP address through Skype?:

Skype uses P2P, or "Peer to Peer" connections, which do not require a server between users. This means that any communication between users is a direct connection. All the attacker needs is to find you on Skype, online, and by means of a booter program, can commit a DoS/DDoS attack. They don't have to be in your Skype contacts, they just need to find you, logged in. The "enable direct connections to my contacts only" feature within Skype is garbage, so do not trust it.

Although, if anyone else is adamant about using Skype, and still remaining protected, the optimal method of defense is finding a free proxy service, or better, subscribing to a paid service. Personally, I have been using Proxee.net, and haven't been attacked since.

DoS/DDoS attacks are illegal and are committed by the scummiest of people. Attacking a serious business, government, or military complex is a felony.

If you use this link, it credits my account by giving me a discount :). Go ahead and scan the link for viruses, if it makes you feel better.

http://proxee.net/billing/aff.php?aff=033
 

Wile E Coyote

Estimable
Apr 24, 2014


File hippo is a trusted site. I use it because it has the fastest download time.

 

tramik

Distinguished
Oct 15, 2010


Yes and yes. First change your public IP with Comcast. Power-cycling your modem may work as the previous poster stated... however it may not. Lease times on DHCP addresses can be customized.

After that, a VPN should, ideally, protect you - as those outside your network will only see the packet headers for your VPN provider.

The only exception is if you have malicious software broadcasting your public IP to the attacker, or you fall for a phishing-type scam where they can log your account (so they know who you are) and your IP (so they know where you are).