DoS Advice

Paul Smith

Good Afternoon All,

After a bit of advice. When gaming on the Xbox this afternoon my daughter joined a chat party and another user was able to get her details and then proceeded to boot her from the online game via a DoS attack.

Is there any way of me stopping this? I am running a Netgear R7800 on Voxel's latest software.

Here is a quick cut of my current logs:

[DHCP IP: 192.168.0.11] to MAC address f0:6e:0b:22:4c:d3, Sunday, May 03, 2020 16:47:56
[DoS Attack: Teardrop] from source: 69.19.14.13, Sunday, May 03, 2020 16:46:41
[DoS Attack: Jolt2] from source: 69.19.14.13, Sunday, May 03, 2020 16:46:41
[DoS Attack: UDP Port Scan] from source: 94.62.61.250, port 389, Sunday, May 03, 2020 16:46:36
[DoS Attack: Jolt2] from source: 103.79.182.217, Sunday, May 03, 2020 16:46:29
[DoS Attack: Jolt2] from source: 124.158.161.178, Sunday, May 03, 2020 16:46:22
[DoS Attack: Ascend Kill] from source: 94.42.81.10, port 53, Sunday, May 03, 2020 16:46:14
[DoS Attack: Jolt2] from source: 212.126.114.142, Sunday, May 03, 2020 16:46:12
[DoS Attack: Jolt2] from source: 91.143.58.10, Sunday, May 03, 2020 16:46:00

Not really sure what to do?

Many thanks in advance

Paul
 
Is your internet pipe saturating? If not then it is a router issue or bad game code would be my guess.
 
I think the perpetrator was able to get my IP when she added herself to the party chat within Xbox. I have told her to avoid this from now on unless she can trust the people in the chat. My assumption is that the in game chat will not allow details to be leaked.

Less setting up a permanent VPN (I do have NordVPN) via Kamos's add-on, I will try and get the public IP from Virgin to change. It keeps giving me the same IP at the moment.
 
If that's Virgin Media in the UK then their IPs are very "sticky". If you turn off the hub and leave it overnight you might get a different IP address, but probably not. Their DHCP leases are normally 7 days. Does your router have an option to clone (or otherwise change) the MAC address of its WAN interface? If you can do this you will immediately get a different IP address.
 
I can't see anything like that in the settings. I'll contact Virgin and see if they will do it.
 
If they maxed out your internet speed then everything should have gotten slow. Is it possible they could have attacked through the game code chat? If it is through the game, IP will probably not matter.
 
This kind of DoS attack is common on the Xbox.
 
Sorry, I probably wasn't clear. I now know when you set up an Xbox Party chat, it is done separate to the game and you can gain the IP addresses of all participants. My daughter now knows only to party chat with trusted people and stick to the game chat for everything else.

I have put a request into Virgin to change my public IP in the meantime, as setting up the VPN will be a nause (and I am sure that will affect the gaming performance too).
 
You can use my firewall-blocklist script and put those IPs in the custom blocklist and they will be totally blocked (INBOUND and OUTBOUND) from your entire LAN ;)
 
So how does the DDOS attack work? Can you explain it? Are they attacking the game code or the internet pipe?
Typically it's just a simple flood attack. The individual "rents" a botnet and floods the target address with traffic. That increases the latency between the client and the game server sufficiently for the game server to kick the user out of the game.
 
Or in our case it actually dropped the whole internet connection :)
 
OK typical DDOS attack. Years ago you could do stuff in Steam so the game knew your IP address.

You might get your ISP involved since you have the exact times. I assume you time sync to NTP time.
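
Following the suggestion to involve the ISP with exact times, here is an added example (not part of the thread or of any poster's script) that parses the Netgear log format shown in the first post and condenses it into a summary for an abuse report. The function names are made up for this illustration, and the timestamps are treated as router-local time because the log carries no time zone.

```python
import re
from collections import Counter
from datetime import datetime

# Log lines copied from the first post of this thread (router-local time, no zone given).
SAMPLE_LOG = """\
[DHCP IP: 192.168.0.11] to MAC address f0:6e:0b:22:4c:d3, Sunday, May 03, 2020 16:47:56
[DoS Attack: Teardrop] from source: 69.19.14.13, Sunday, May 03, 2020 16:46:41
[DoS Attack: Jolt2] from source: 69.19.14.13, Sunday, May 03, 2020 16:46:41
[DoS Attack: UDP Port Scan] from source: 94.62.61.250, port 389, Sunday, May 03, 2020 16:46:36
[DoS Attack: Jolt2] from source: 103.79.182.217, Sunday, May 03, 2020 16:46:29
[DoS Attack: Jolt2] from source: 124.158.161.178, Sunday, May 03, 2020 16:46:22
[DoS Attack: Ascend Kill] from source: 94.42.81.10, port 53, Sunday, May 03, 2020 16:46:14
[DoS Attack: Jolt2] from source: 212.126.114.142, Sunday, May 03, 2020 16:46:12
[DoS Attack: Jolt2] from source: 91.143.58.10, Sunday, May 03, 2020 16:46:00
"""

# Entry shape: [DoS Attack: <label>] from source: <ip>[, port <n>], <timestamp>
ENTRY = re.compile(
    r"\[DoS Attack: (?P<label>[^\]]+)\] from source: (?P<src>[\d.]+)"
    r"(?:, port (?P<port>\d+))?, (?P<ts>\w+, \w+ \d+, \d{4} [\d:]{8})$")

def parse_events(log_text):
    """Return DoS entries as dicts, oldest first; DHCP and other entries are skipped."""
    events = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            events.append({
                "time": datetime.strptime(m["ts"], "%A, %B %d, %Y %H:%M:%S"),
                "src": m["src"], "label": m["label"],
                "port": int(m["port"]) if m["port"] else None})
    return sorted(events, key=lambda e: e["time"])

def summarize(events):
    """Condense events into time window, per-label counts and distinct sources."""
    if not events:
        return None
    first, last = events[0]["time"], events[-1]["time"]
    return {"first": first, "last": last,
            "window_seconds": (last - first).total_seconds(),
            "labels": Counter(e["label"] for e in events),
            "sources": sorted({e["src"] for e in events})}

def report(log_text):
    """Plain-text summary suitable for pasting into an ISP abuse ticket."""
    s = summarize(parse_events(log_text))
    if s is None:
        return "no DoS entries found"
    head = (f"{sum(s['labels'].values())} DoS entries from {len(s['sources'])} sources "
            f"between {s['first']:%Y-%m-%d %H:%M:%S} and {s['last']:%H:%M:%S} (router time)")
    return "\n".join([head] + [f"  {k}: {n}" for k, n in s["labels"].most_common()])

if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

On the posted log this shows eight entries from seven different sources inside 41 seconds, which is the detail that matters when deciding between a per-IP blocklist and asking the ISP for a new address.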
 