Contents
1 Who Am I?
2 What is a DDoS?
3 How easy is it to DDoS?
4 First things first
5 Determining if you are being DDoS'd or not.
6 Who is targeting me and what can I do about it?
7 DDoS Solution Short Term
7.1 Problem
7.2 Pre-Solution
7.3 Solution
8 MAC Address Change (Solution 1)
9 MAC Address Change (Solution 2)
10 DDoS Prevention Setup
10.1 VPN
10.1.1 Dashboard
10.1.2 Server Selection
10.1.3 My Thoughts on Using a VPN
11 Skype Proxy (Best Solution - Combination of 2 & 3)
12 Skype Proxy (Solution 2)
13 Skype Proxy (Solution 3)
14 Closing
Who Am I?
I will start this guide by introducing myself and my credentials: My name is Matt "gamebox" Gunnin, President/CEO of Leaguepedia. I am a 27 year-old System
Administrator for Rackspace Hosting. I have an Electrical Engineering Degree with a specialization in Wireless Engineering. Working for a web hosting company, I
deal with malicious activity on a daily basis, some of which involves DDoS attacks on an Enterprise level. This can include hundreds of botnets sending millions of
packets directed towards not one, but multiple endpoints. I am very confident in my abilities as a System Admin, and have a proven track record on both an
infrastructure and networking standpoint. You can find more about me on my LinkedIn profile if you are in need of more background info.
When I put together our recent Leaguepedia Invitational I, we experienced the DDoS bug just like every other recent tournament, but I'll talk more about this later.
Please understand this guide isn't the end all be all of DDoS prevention; and for every person trying to prevent these attacks, there are ten more figuring out new ways
to do the attacking. I do, however, feel that if you follow my advice, you will be 100 times less susceptible to denial of service and other attacks that could take down
your internet connection and harm your computer.
What is a DDoS?
"A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer or network resource unavailable to its
intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person, or multiple
people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely."
http://leaguepedia.com/wiki/DDoS_Prevention_Guide
30/05/2013
time at a very fast pace. Just imagine jellybeans being thrown at you one at a time: it starts with 1 jellybean being thrown over and over, and then 2, and then 3, and so
on and so on until you either have to eat all the jellybeans or you explode.
First and foremost we want to find out what our IP address is. The easiest way to do this is to go to www.whatismyip.us and write this number down. This will display
your external IP address; if you attempted to pull up your IP address directly from the command prompt, you would be going through your router, as seen below.
Next we will attempt to ping the outside world. We will use Reddit.com as our example.
Note: You can add the -n option to specify how many ping requests you would like to make. The default is 4. You can instead use -t, which will ping the destination
until you stop it by pressing Ctrl + C.
The two things we are most concerned with here are the number next to time= and the percentage of packet loss, which is displayed below Ping statistics.
The time column is the amount of time it takes for a packet that is 32 bytes in size to travel from your computer to Reddit's servers and then back to your computer. This
is also known around the League of Legends community as your latency and is a number I'm sure most of you are pretty familiar with. In the beginning stages of a DoS
attack this number will increase periodically (40ms to 800ms) and will eventually respond with Request timed out. So if you believe you are being DDoS'd, the first
thing to do is open a command prompt and ping a reliable website that you know is online (Reddit, Google, etc). Remember that most amateur DDoS attacks take time
to build up steam, so you can usually catch the less sophisticated attacks before they take you completely offline. Just because you start lagging in-game or your internet
goes offline momentarily doesn't necessarily indicate you are being targeted.
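The check described above can be scripted. This is an added example, not part of the original guide: it parses a constructed Windows ping transcript and reports packet loss, latency spikes against an early baseline, and trailing timeouts. The `baseline_n` and `factor` thresholds are assumptions, and a positive result only shows degradation, not who or what is causing it.

```python
import re
from statistics import median

# Constructed sample of Windows `ping -t` output (documentation-range IP).
SAMPLE = """\
Pinging reddit.com [198.51.100.5] with 32 bytes of data:
Reply from 198.51.100.5: bytes=32 time=41ms TTL=54
Reply from 198.51.100.5: bytes=32 time=39ms TTL=54
Reply from 198.51.100.5: bytes=32 time=40ms TTL=54
Reply from 198.51.100.5: bytes=32 time=44ms TTL=54
Reply from 198.51.100.5: bytes=32 time=310ms TTL=54
Reply from 198.51.100.5: bytes=32 time=795ms TTL=54
Request timed out.
Request timed out.
"""

# Matches both "time=41ms" and the sub-millisecond form "time<1ms".
REPLY = re.compile(r"time[=<](\d+)ms")


def parse_ping(text):
    """Return one entry per probe: round-trip ms, or None for a timeout."""
    probes = []
    for line in text.splitlines():
        match = REPLY.search(line)
        if match:
            probes.append(int(match.group(1)))
        elif "Request timed out" in line:
            probes.append(None)
    return probes


def assess(text, baseline_n=4, factor=5):
    """Summarise loss and latency growth (thresholds are assumptions)."""
    probes = parse_ping(text)
    replies = [p for p in probes if p is not None]
    # Baseline: median of the first few replies, before any degradation.
    baseline = median(replies[:baseline_n]) if replies else None
    spikes = [p for p in replies[baseline_n:] if p > factor * baseline]
    loss_pct = 100 * probes.count(None) // len(probes) if probes else 0
    # Consecutive timeouts at the end: the "Request timed out" stage.
    trailing = 0
    for p in reversed(probes):
        if p is not None:
            break
        trailing += 1
    return {"probes": len(probes), "loss_pct": loss_pct,
            "baseline_ms": baseline, "spikes": spikes,
            "trailing_timeouts": trailing}


if __name__ == "__main__":
    print(assess(SAMPLE))
```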
NETSTAT
Netstat is more than likely the best tool you have at your disposal. It also runs from the command line and will most likely give you a much clearer picture
of what is going on. Once you are at the command line as demonstrated above, type netstat -ano, which will display all your current TCP/IP connections. You are
looking for a large bulk of connections coming from the same IP address. You will also want to look at the STATE that each connection is in. You may see a bunch of
SYN_RECEIVED entries, which means the connection has sent a request and is staying open waiting for an acknowledgement.
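One way to do that tally automatically, as an added example that is not part of the original guide: the script below groups the TCP rows of `netstat -ano` output by remote address and counts how many are in SYN_RECEIVED. The sample output is constructed, and the `min_conns` threshold is an assumption.

```python
import sys
from collections import Counter

# Constructed sample of Windows `netstat -ano` output (documentation-range IPs).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    192.168.1.10:5223      198.51.100.20:443      ESTABLISHED     4312
  TCP    192.168.1.10:80        203.0.113.7:50001      SYN_RECEIVED    4
  TCP    192.168.1.10:80        203.0.113.7:50002      SYN_RECEIVED    4
  TCP    192.168.1.10:80        203.0.113.7:50003      SYN_RECEIVED    4
  TCP    192.168.1.10:80        203.0.113.7:50004      ESTABLISHED     4
  TCP    [::1]:445              [::1]:49670            ESTABLISHED     4
  UDP    0.0.0.0:5353           *:*                                    1720
"""


def split_host(endpoint):
    """Strip the port (and IPv6 brackets) from 'addr:port'."""
    host, _, _port = endpoint.rpartition(":")
    return host.strip("[]")


def parse_netstat(text):
    """Yield (remote_ip, state) for every TCP row that has a remote peer."""
    for line in text.splitlines():
        fields = line.split()
        # TCP rows have exactly 5 columns; headers and UDP rows do not.
        if len(fields) != 5 or fields[0] != "TCP":
            continue
        _proto, _local, remote, state, _pid = fields
        if state == "LISTENING":  # listening sockets have no remote peer
            continue
        yield split_host(remote), state


def summarize(text, min_conns=3):
    """Return [(remote_ip, total, syn_received)], busiest remote first.

    min_conns is an assumed threshold for a "large bulk" of connections.
    """
    total, half_open = Counter(), Counter()
    for ip, state in parse_netstat(text):
        total[ip] += 1
        if state == "SYN_RECEIVED":
            half_open[ip] += 1
    return [(ip, n, half_open[ip])
            for ip, n in total.most_common() if n >= min_conns]


if __name__ == "__main__":
    # Pipe real `netstat -ano` output in on stdin, or run bare for the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for ip, n, syn in summarize(text):
        print(f"{ip}: {n} connections, {syn} in SYN_RECEIVED")
```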
Most attacks that have occurred recently were done via botnets that are spaced out amongst hundreds if not thousands of IP addresses. This is where the Distributed
part of DDoS comes into play. However, if you are instead being hit by some teenager who just found a new tool on the internet that he believes makes him a l33t
h4x0r, and who, to show off his new skills, finds out your IP address, plugs it into the program and clicks the start button, he is instead performing a DoS attack. If you are
so lucky (or unlucky) that this is the case, he more than likely hasn't spoofed or blocked his IP. To find out where the DoS attack is coming from, you can run the
program TCPView (which I included in the download packet). What TCPView does is display all the current connections (endpoints) on your computer. It will be
very clear where the attack is coming from once you open the program, but to give you a hint, it will be the connection that is shown 100s of times. From there you can
do what you please since you now have his IP address. If you want to go the legal route, then you can plug his IP into www.whois.sc and find out who his ISP is;
they will usually be pretty helpful once you tell them the situation.
Pre-Solution
What is the most important ingredient that an attacker needs so they can perform a Distributed Denial of Service on someone? An Internet Protocol Address. Whenever
you log into your PC and connect to the internet, you are sending a request to your Internet Service Provider (ISP) asking them to open a connection via their
pipeline to the web. Once your ISP accepts the request, it then assigns you an IP Address that will now be your identifier whenever you sign online. IP Addresses
are assigned to ISPs via subnet blocks. To simplify it, your ISP is essentially given a large handful of numbers that can be assigned to their customers, with each one
being unique. I won't go into any further detail, but the point I want to make clear is that every internet connection (no matter where) has an address that it is assigned,
and that is how devices communicate with one another. So if you want to stop communication from occurring, you can't just block the attack because it is coming from
hundreds of separate locations. So the best short term solution is to change your IP Address since the DDoS attacks are directed at your IP and nothing else.
Solution
Please understand that some of these steps (3 & 4) are outdated and will more than likely not work.
They are included however as a precursor for some of the sections later on in the guide.
I am going to list the different ways to possibly change your IP. Start from the top and work your way down if the previous solution didn't work.
Note: There are two different ways that your ISP can provide you an IP, Dynamically and Statically. Dynamic IP addressing involves your ISP assigning you a different
IP each time you log on to the ISP's network. This doesn't necessarily mean your ISP will change your IP each and every time you restart your computer, as it is solely
dependent on when they deem it necessary. A dynamic IP address will be shared with other customers and will jump around as to who receives what IP. A Static IP is
exactly what it sounds like, static and never changing. Static IP addressing is much less secure since you are provided an IP that never changes. ISPs nowadays only
provide static IPs to their customers due to it being cost effective compared to dynamic addressing. I highly suggest calling your ISP and finding out 1) What type of
addressing you have and 2) If you are Static, is there any possibility to be changed to dynamic?
1. Unplug your cable/DSL modem as well as your router (for good measure) and wait 60-120 seconds. Plug back in and check www.whatismyip.com to see if you
were assigned a new IP.
Some ISPs put a TTL (Time to Live) on your IP for 8 to 24 hours, so if you are under no time constraint then this can be attempted.
2. Call your ISP and tell them that you are being DDoS'd and that you need a new IP. Who you get on the phone, as well as your ISP, will determine whether
they will or not. I haven't heard of many people having issues however.
3. Open a command prompt (Start -> run -> cmd)
Release (This will disconnect you from the internet)
Renew
4. Open a command prompt
You are looking for the default gateway:
Type your default gateway into your internet browser to bring up your router's admin page. You will need to google the type of router you have for the
username/password. Some common ones are root/password, admin/password, password/password, admin/admin.
Once you get in you can attempt to Release/Renew your IP here. Here is a screenshot of my router's configuration page.
5. If the above doesn't work then your next step is attempting to clone your MAC address. This can be done here and is as simple as pressing the "Clone My PC's
MAC Address" button. You can only clone your MAC address once but it should change your IP. This page will look like the following:
Note: The MAC Address boxes will have letters and numbers. I blurred them out for security reasons.
3. Next you will want to click on the 'Advanced' tab and scroll down to 'Network Address'. The MAC address consists of 6 pairs of numbers (0 - 9) and characters
(A - F) in combination. For example 22-19-A2-C5-3D-65. Remember however that when entering this value in the 'Network Address' field that you want to omit
the dash (-), for example 8817E890E20A.
1. If you still are unable to get a new IP address then you can try going into your registry settings and changing the MAC address of your Network Interface Card
(NIC).
You will first want to find out what type of NIC you have. So go to Control Panel -> Network and Internet -> Network Connections and find the
connection that is enabled and connected and right click it and select properties. You will then see the following which will tell you what type of NIC you
are using.
Under this key, you should see numbers in sequence as 0000, 0001 and so on. Click on one at a time to check the description of the device to
match it with that of your Network Card. I found my NIC all the way down at 0022.
Once found, in the right-pane, look for NetworkAddress key value. If you find it, right-click and select modify. Enter the desired MAC-Address as
a 12 digit number (all in one, no space . or -). Note that you can enter any arbitrary MAC-address as long as it is hexadecimal (a 12 digit string
containing numbers 0-9 and letters A-F).
If you don't find the key, right-click in the right pane, select New String Value. Enter the name as NetworkAddress. Now modify and set the
desired value.
Now, disable and enable the Network card from Control Panel -> Network Connections.
This should reflect the new MAC-Address on your NIC. Should you choose to go back to the original manufacturer-set MAC-Address, simply delete
the key you just created/modified in the Windows Registry.
After changing the MAC through the registry, start back at the first step and reattempt restarting the modem, etc.
VPN
From what I have read in terms of reviews and ratings, HideMyAss is far and beyond the best VPN on the market. However, at the time of writing this guide I haven't
tried their service and the only way to really know if this VPN would be suitable for LoL's professional scene was to buy the product myself.
Dashboard
Server Selection
They have a huge list of available servers that are categorized according to geographical distance from you.
This is a pretty big deal since they classify their servers as being overloaded at 30%.
Once I made a successful VPN connection, here is the new dashboard that is displayed. Some important things to note are how you are able to make quick location
changes, IP changes, as well as schedule an IP change.
So far, so good. The next thing I wanted to check out was how my latency was in-game.
Connected to VPN
There was absolutely no change with my ping. I tested with other servers and on a few of them I had some jumping around between 70ms - 100ms but for most servers
it would stay pretty steady. This was also done while I had two streams running.
Now for the speedtest through Speedtest.net.
Connected to VPN
The first thing you notice is the decrease in download speed. I have 50/5 here through Time Warner but if you were on a 10/5 plan through your ISP then you wouldn't
see much, if any, noticeable difference. They guarantee certain speeds through their servers, which is a higher speed than what most of you have at home. The ping is
slightly higher but nothing of much concern either and varies according to server location.
My Thoughts on Using a VPN
My honest opinion is that if you are serious about completely protecting yourself from being DDoS'd ever again and don't want to be forced into forfeiting a match
during a $5k+ event, then purchasing a VPN is the way to go. It will easily pay for itself after one tournament. And recently, there are a good bit of the pros that haven't
been able to play a full tournament all the way through without being targeted. What's good about HideMyAss is that you are able to make quick and fast connections to
and from the VPN. So what I would do is set up the VPN and then get a new IP address via your ISP through the methods I mentioned earlier in this guide. This way if
you are hesitant to use the VPN due to any performance problems there may be, you could turn it off while in-game and since you are proxied through Skype, you
would be good to go.
Their FAQ will answer most of your questions and you can sign-up for an account here. -- I just created this affiliate account a few minutes ago as I figured that the
League of Legends community should get something in return if we send them a handful of new accounts. So if you do decide to use hidemyass, please go through the
affiliate links. I will post updates of the figures for the entire community to see and then at a certain point I will use those funds to do some sort of giveaway,
tournament, you name it.
Step 2: Pick a server, generally you want to go with the one at the top since it's the fastest -- Step 2 Screenshot
The top three should give you a good fallback if the very top one becomes overloaded.
Note: Skype does not typically USE the proxy you set unless it's blocked from a direct connection; however, you can FORCE it to use the proxy via registry settings.
That's what we're about to do.
overall it's not a huge problem and being safe is more important. I'd also like to re-iterate that SOCKS5 Proxies do not have this problem, they support both TCP
and UDP through the proxy. If you can find a good one, you're very lucky or you're paying for it.
Step 4: Put your selected proxy's IP and port in the appropriate boxes
And click save. It will prompt you to save the file, so save it somewhere you can find it.
Step 5: Go find the file, and either right click -> Merge... Or just double click on it
Step 6: It will tell you that you shouldn't add information from sources you don't trust
Click Yes
Finished: It will merge the values into your registry, now RESTART YOUR COMPUTER and you should be protected!
You can then verify that the proxy settings are saved into Skype by going to "Tools" -> "Options" -> "Advanced" -> "Connections" and checking that the IP listed is
the same one you picked as your Proxy.
Check the box that says "Use port 80 and 443 as alternatives for incoming connections"
Go to http://www.xroxy.com/proxy-country.htm
Select the Country in which you reside, pick any SOCKS5 IP Address from the list and enter it as the host.
Note: What you are doing is running Skype via a proxy. As long as you pick an IP that is in the same country in which you reside then you shouldn't see much, if any,
degradation in call quality. If you do, just select a new IP until you find the best setup.
Open notepad and paste the following (substituting the proxy information with your proxy server)
Closing
I'm still working on improving this guide but just haven't had the time. I have some videos that will go into more detail on what exactly a botnet is, how they are started,
and why they were created in the first place. League of Legends is in a very delicate state professionally right now and all of you pros out there need to put all of your
efforts towards growing the e-sports scene worldwide, but instead you have all had to deal with the recent DDoS attacks. I plan on removing that burden from each and
every team associated with the professional scene of League of Legends and would be more than happy to sit down with each of you and get you to where you need to be
from a technical point of view so you are no longer hindered to pursue what's most important. If you would like to talk, please feel free to email me or follow me or
Leaguepedia on Twitter.