Protection against DDoS attacks/Hackers

[roolom]

Hello Cohh and Cohhmunity,

In light of the recent malicious attacks against Cohh. I thought I'd put some information out there on how to prevent DDOS attacks, and protect yourselves in the future. As well to offer possible solutions to Cohh.

Alright before I get into the nitty gritty, allow me to give you a brief history lesson. The internet was created by the US military so that the army could maintain communications in case of a nuclear assault, in the event multiple cities went down. The military wanted a way to communicate that was self healing. INSTEAD of using central offices like they had been.

The problem with this from a digital standpoint is this, ALL data moves over these lines. From personal information to trash/spam mail. Anyone with the know how can access these nodes, and people eventually did. (Man in the middle attack.)

The result? VPN or Virtual Private Networking. VPNs use something called a tunneling protocol to protect your data. Say I'm sending an email from Chicago to Los Angeles - well first and foremost my data will become encrypted. The VPN than creates a tunnel from my router to the recipients router in Los Angeles. This is a two fold security profile. Not only does the hacker have to locate and break into the tunnel, BUT your data will be encrypted. To most people with malicious intent - such as scrip kiddies. this is enough of a deterrent, as they lack the actual skill to decrypt those packets.

Some VPNs go a step further and the minute a tunnel is breached; they simply shut down and recreate a new one elsewhere.

Things to know about VPN servers:
1.) They are client based systems - meaning the path of connection goes something like this [VPN Client] -> [VPN SERVER] -> [Internet]

2.) Most major companies (Microsoft, Cisco, Amazon, etc) tend to have their own VPN servers. VPN clients don't often work with foreign VPN servers ex: Microsoft client to Cisco Server.

3.) The speed of the connection will depend entirely on the upload speed of the recipient. (Again say I want to connect to an office in Los Angeles - say they are running DSL there. Even if my line here in Chicago is Fiber with 1Gb up and down. only about 756kbps will push through(the average speed of a DSL connection.)

I will come back and add more as I see fit. Probably do some sort of an update with a list of reliable VPN servers/clients. Feel free to add what you'd like and questions you have.

[H3ll0J3ll0]

cool stuff, but what does ddos have to do with vpn, isnt ddos just when you ping someone with alot of data? I cant really see the fun/point in ddosing cohh since he's a friendly streamer with a mature audience(but apparently not all).

[DesignGears]

Hiding behind a VPN isn't going to help.

As a consumer, twitch streamer, the best you can do without paying major money is get a router with DoS protection and disable ping response. This will mitigate the problem as most claimed DDoS attacks are really some script kiddie doing a DoS.

[Aprilnoelle]

Thank you for posting this

[fullderpgaming]

[QUOTE="designgears, post: 19690, member: 14792"]Hiding behind a VPN isn't going to help.

As a consumer, twitch streamer, the best you can do without paying major money is get a router with DoS protection and disable ping response. This will mitigate the problem as most claimed DDoS attacks are really some script kiddie doing a DoS.[/QUOTE]

Uh... Linksys WRT54GL running DDWRT firmware for free should give plenty of DDOS protection.

[DesignGears]

[QUOTE="fullderpgaming, post: 20101, member: 24651"]Uh... Linksys WRT54GL running DDWRT firmware for free should give plenty of DDOS protection.[/QUOTE]

OOB it does nothing to prevent DDoS or DoS.

You can setup some iptables and other methods to mitigate them.

http://www.dd-wrt.com/wiki/index.php/Pr ... ce_Attacks

[fullderpgaming]

[QUOTE="designgears, post: 20102, member: 14792"]OOB it does nothing to prevent DDoS or DoS.

You can setup some iptables and other methods to mitigate them.

http://www.dd-wrt.com/wiki/index.php/Pr ... ce_Attacks[/QUOTE]

Seems pretty in depth to me. http://www.dd-wrt.com/wiki/index.php/Pr ... ce_Attacks

[DesignGears]

[QUOTE="fullderpgaming, post: 20103, member: 24651"]Seems pretty in depth to me. http://www.dd-wrt.com/wiki/index.php/Pr ... ce_Attacks[/QUOTE]

OOB means out of the box.

You just linked what I linked and it doesn't come setup for you, so just installing dd-wrt doesn't do anything against attacks. Also getting dd-wrt installed is a pain in a lot of cases for normal consumers, I can only imagine if installing dd-wrt is difficult for you setting up iptables would be even harder.

[fullderpgaming]

OMG I didn't even realize it. LOL. I need to lay off the caffeine for today. LOL.

[DesignGears]

[QUOTE="fullderpgaming, post: 20105, member: 24651"]OMG I didn't even realize it. LOL. I need to lay off the caffeine for today. LOL.[/QUOTE]

LOL

Replying to fast for your own good!! I did that with code last week, brought the warehouse pulling to a stop for a good 10min

Warehouse manager was not happy with me D:

[LunaticOnExtacy]

Can anyone with a bit on insight share a bit of knowledge?
First up, as far as Ive understood most of the DDoS attacks done to streamers are usually regular DoS attacks done with programs like LOIC, HOIC and the like, which doesnt seem like a big deal to me if you have a dynamic IP.
Not sure how many households in the mericas have one, but over here in germany it is rather standart and with a slight invesment into a decent FritzBox router you can change your IP with the press of a button.
How effective is this really ?
I imagine changing ones IP would have the person launching the DoS attack adjust to it/finding it anew.

Which brings me to the 2nd point : Protecting your IP.
Yes we all know skype had issues, but with them giving you an option to hide your IP this is barely any longer present. Now in addition, they also added a Proxy tool which you should be using if you dont have a dynamic IP. Just look for a local free server and set it up. Now this shouldnt show your (real) IP any longer for any connections.
I image if someone got your IP adress by being an admin on a server you connected to he no longer would be able to DoS you directly but the proxy server instead, which you can change on the fly.

[DesignGears]

[QUOTE="LunaticOnExtacy, post: 20148, member: 25762"]Can anyone with a bit on insight share a bit of knowledge?
First up, as far as Ive understood most of the DDoS attacks done to streamers are usually regular DoS attacks done with programs like LOIC, HOIC and the like, which doesnt seem like a big deal to me if you have a dynamic IP.
Not sure how many households in the mericas have one, but over here in germany it is rather standart and with a slight invesment into a decent FritzBox router you can change your IP with the press of a button.
How effective is this really ?
I imagine changing ones IP would have the person launching the DoS attack adjust to it/finding it anew.

Which brings me to the 2nd point : Protecting your IP.
Yes we all know skype had issues, but with them giving you an option to hide your IP this is barely any longer present. Now in addition, they also added a Proxy tool which you should be using if you dont have a dynamic IP. Just look for a local free server and set it up. Now this shouldnt show your (real) IP any longer for any connections.
I image if someone got your IP adress by being an admin on a server you connected to he no longer would be able to DoS you directly but the proxy server instead, which you can change on the fly.[/QUOTE]

Time Warner Cable and Comcast won't let you change your IP that easily, you usually have to call in or wait for the lease to expire, which if I recall is 3 months on Comcast. However, I don't think security through obscurity is such a great idea, as in grabbing a new IP and hoping the person that found in to begin with won't find it again.

Hiding things behind a proxy is a good way to mitigate the problem, but that just leaves you walking on eggshells all the time trying to make sure the software you are running isn't showing anyone your public IP. Someone knocking your skype proxy MIGHT leave you without skype if they manage to take it down, but that can be changed quickly if you are using skype during your stream. Otherwise not an issue. You shouldn't run your streaming software thru a proxy tho, that usually ends up severely limiting your speed.

There are good ways to mitigate the problem for consumers who can't throw cash at it. Router with DoS protection and turning off ping replies is a good start with stock firmware. You can also use DD-WRT, it accomplishes the same thing as DoS protection in other router software, it can be more effective since you have complete control over all of the rules.

I personally use stock firmware with DoS protection and ping responses turned off. I also have the luxury of being on a GigE fiber connection so a group of script kiddies on Comcast/TWC would have no hope of even making me aware that they were DDoS'ing me.

[alanwade]

I Use PureVPN DDos protected IP to protect my self from DDos attack & believe me guys it is just awesome

[DesignGears]

[QUOTE="alanwade, post: 23258, member: 39473"]I Use PureVPN DDos protected IP to protect my self from DDos attack & believe me guys it is just awesome[/QUOTE]

This is useless if someone has your real IP already. Even more useless because PureVPN won't be able to sustain the speed you need to stream. Plus you joined today and immediately plugged your product and left. Going to go ahead and report for spam.