Hi, a mate and I are getting constantly DDoSed but we are offline on everything and even when our computers are off it happens. We are both running PFSense and can see in the logs that we are getting attacked on port 19 (Chargen attack) or port 53 (DNS Amp attack). We are unable to figure out how they are getting our IP addresses. I have a dynamic IP, I got attacked within minutes of an IP change. My mate has a static IP however he got it changed multiple times and he keeps getting attacked within an hour. If anyone has any suggestions how to mitigate the attacks, a way to catch who it is or how they are getting our IPs.
Do you have DDNS set up? That would be the obvious culprit. Otherwise I'm not sure, could be some malicious software on one of your computers updating them with your IP or could be something else.
Those sound like snort alerts, are you actually losing connectivity from these attacks? Because snort gets a lot of false positives and there's always going to be a lot of junk hitting your firewall. So if it's not affecting your network performance then it's just normal noise and nothing to worry about.
I had DDNS set up a while back but not now. And yes we lose net connectivity, pfsense blocks the attacks however it maxes out our inbound traffic so the internet just dies completely. We believe it's a chargen and a DNS attack we get.
Yeah the traffic is the attack, there's not much you can do to block it once it's there. I'm not sure what you can do other than try to find how they're getting your IP address, although they could be attacking a range of IPs, does your friend use the same ISP as you?
Have you talked to your ISP about it? What did they say?
No he is using a different ISP but no one else I know is getting attacked, it's only me and him, even our other close friends we game with aren't getting attacked... Well I'm with Telstra and they sent a tech out which was irrelevant but they fixed a connection issue, not the point... It's still happening and they don't want to do much about it. We just can't do much, we've saved all the logs but it's all China etc...
It's probably your games which are giving your IP away. Easy solution would be to use a VPN, although this probably isn't ideal because of the added latency.
What programs are you using? There are many programs that give away your IP. Try to maybe reinstall your OS and freshly install your software. Try staying away from services like Skype and server-based games, since these will give away your IP address...
Max_J There are no programs that have been open on all the attacks, I've had all the computers turned off and that's still happened.
Zanginator This never happened before switching to PFSense, I've been using it since March without a problem, this started about 4-6 weeks ago. I am with Telstra (Australia), I use one of their modems in bridged mode plugged into PFSense and PFSense uses PPPoE for authentication etc...
Yes, and unfortunately nothing... (Never thought I'd say that) We spoke yesterday, we think it might be Steam, any ideas on how they would get it from Steam itself?
run nmap and check what ports you (and other pc's) have open
disconnect anything else from the network - wireless printers, smartphones, blu-ray players, tv's etc. Perhaps something is compromised and is leaking out your global ip
have a good look at any UDP services (as it will keep pushing packets (stream) larger than the request if something)
perhaps capture a bit of the traffic (tcp dump or wireshark) and analyse the traffic
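An added example, not part of any post in this thread: one way to analyse a capture as suggested above. Reflected Chargen and DNS traffic arrives *from* UDP port 19 or 53, so the script tallies unsolicited inbound packets by source port. It assumes text lines in the form printed by `tcpdump -nn -q udp` on the WAN interface; the sample lines and addresses are constructed.

```python
import re
from collections import defaultdict

# Source ports of the two reflection vectors named in the thread.
REFLECTION_PORTS = {19: "chargen", 53: "dns"}
# Assumed input: text lines as printed by `tcpdump -nn -q udp`.
LINE_RE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): UDP, length (\d+)"
)

def summarize(lines, wan_ip):
    """Tally unsolicited inbound UDP that arrives FROM port 19 or 53."""
    asked = set()  # (remote_ip, remote_port, local_port) of requests we sent
    stats = defaultdict(lambda: {"packets": 0, "bytes": 0, "sources": set()})
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        src, dst, size = m[1], m[3], int(m[5])
        sport, dport = int(m[2]), int(m[4])
        if src == wan_ip:  # outbound: remember it so the reply is not flagged
            asked.add((dst, dport, sport))
            continue
        if dst != wan_ip or sport not in REFLECTION_PORTS:
            continue
        if (src, sport, dport) in asked:  # answer to our own query
            continue
        entry = stats[REFLECTION_PORTS[sport]]
        entry["packets"] += 1
        entry["bytes"] += size
        entry["sources"].add(src)  # these are reflectors, not the attacker
    return dict(stats)

# Constructed sample capture (documentation addresses, not real traffic).
SAMPLE = """\
10:00:00.000001 IP 198.51.100.7.51000 > 192.0.2.53.53: UDP, length 40
10:00:00.020000 IP 192.0.2.53.53 > 198.51.100.7.51000: UDP, length 120
10:00:01.000000 IP 203.0.113.10.19 > 198.51.100.7.80: UDP, length 1024
10:00:01.000100 IP 203.0.113.11.19 > 198.51.100.7.80: UDP, length 1024
10:00:01.000200 IP 203.0.113.10.19 > 198.51.100.7.80: UDP, length 1024
10:00:01.000300 IP 203.0.113.20.53 > 198.51.100.7.4444: UDP, length 1400
""".splitlines()

if __name__ == "__main__":
    for vector, s in summarize(SAMPLE, "198.51.100.7").items():
        print(vector, s["packets"], "pkts", s["bytes"], "bytes", len(s["sources"]), "sources")
```

The per-vector packet and byte counts, with timestamps, are the kind of evidence an ISP can act on; the source addresses listed are the abused reflectors, so their location says nothing about who is sending the spoofed requests.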