D333333ZNutz, posted January 17, 2016

So I can post most if not all info on here when requested. I'm having a problem finding a way to stop these DoS attacks. I took my modem offline for about 24 hours to allow for the lease on the external IP to expire, plugged her back in and was having the same issues almost immediately. I've had to up my data cap to 1.2TB to give me some leeway to figure this out; I'm about 17 days into this data cycle and without downloading anything I've gone through 596GB of that cap. Obviously the tech support for my provider (Wavecable) was little to no help. I had to remind them that I've had friends receive warnings for downloading files, and in the warnings the exact file name and location on their computers was listed, so I know when they tell me all they can see as far as data usage is the actual amount of data used, that is bs. Really didn't change anything because they told me to change out equipment and use a malware tool. I spent almost 300 on my modem when I got it last year; it's a Netgear C6300, not one of their pos modems, and I'm not buying a new one just because of some DoS attacks.

Sooooo after that rant, if you think you might be able to help, please make any requests for logs or info here and I can PM or post later today when I get back from work. Thanks in advance to any and all that can help me track this and stop this. First time I've ever had an issue like this in 15 years.
Sitting-Duc, posted January 17, 2016

If you already changed your IP then it's internal. What makes you think it's a DOS? 596GB over 17 days is like 0.4Mbps - which certainly isn't an attack. Or are you getting short bursts of high traffic?

What your provider is saying would be correct for the majority of data transfer - if you use HTTPS they cannot view the actual data. Or if it's a service such as a game where they 'could' see the data but would not be able to decipher it easily.

What logs do you have?
Sammy, posted January 17, 2016

Such letters likely were because they downloaded torrents from fakes set up as seeders or clients. Or maybe more likely they were seeders and the various anti-piracy people logged on as clients. Get enough data from the seeder to make sure it isn't a fake. Get the IP. Data and time. Filename. And pass them along to the provider. I don't know about file location however or if it's possible to get that information from torrent clients. But it wouldn't surprise me. I don't use BitTorrent so I can't say.
D333333ZNutz, posted January 18, 2016

> If you already changed your IP then it's internal. What makes you think it's a DOS? 596GB over 17 days is like 0.4Mbps - which certainly isn't an attack. Or are you getting short bursts of high traffic?
>
> What your provider is saying would be correct for the majority of data transfer - if you use HTTPS they cannot view the actual data. Or if it's a service such as a game where they 'could' see the data but would not be able to decipher it easily.
>
> What logs do you have?

It's short bursts of high traffic. My modem/router has logs and I do believe it's internal. I did have an external IP from China DoS'ing me for a little but that did stop when I reset IP. I'll send you a PM with the logs from the modem.
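The difference between a low average rate and short bursts, and the question of which internal device is behind them, can be checked from per-interval traffic counters. The following is an added example, not part of any post in this thread: the per-minute, per-host byte counts and LAN addresses are constructed, GB is taken as 10^9 bytes, and the 10x-median burst threshold is an assumption.

```python
from collections import defaultdict
from statistics import median

def average_rate(total_bytes, days):
    """Return (megabytes/s, megabits/s) averaged over the whole period."""
    bytes_per_s = total_bytes / (days * 86400)
    return bytes_per_s / 1e6, bytes_per_s * 8 / 1e6

def find_bursts(samples, factor=10):
    """samples: (minute, lan_host, bytes) tuples.
    Flag minutes whose total exceeds factor x the median minute (assumed
    threshold) and name the LAN host that moved the most data in each."""
    per_minute = defaultdict(lambda: defaultdict(int))
    for minute, host, nbytes in samples:
        per_minute[minute][host] += nbytes
    totals = {m: sum(hosts.values()) for m, hosts in per_minute.items()}
    baseline = median(totals.values())
    bursts = []
    for minute in sorted(totals):
        if totals[minute] > factor * baseline:
            hosts = per_minute[minute]
            top = max(hosts, key=hosts.get)
            bursts.append((minute, totals[minute], top, hosts[top] / totals[minute]))
    return bursts

# Constructed sample: per-minute byte counts per LAN host (not from the thread).
SAMPLES = [
    (0, "192.168.0.10", 2_000_000), (0, "192.168.0.23", 1_000_000),
    (1, "192.168.0.10", 2_500_000), (1, "192.168.0.23", 500_000),
    (2, "192.168.0.10", 2_000_000), (2, "192.168.0.23", 900_000_000),
    (3, "192.168.0.10", 3_000_000), (3, "192.168.0.23", 1_000_000),
    (4, "192.168.0.10", 2_000_000), (4, "192.168.0.23", 750_000_000),
    (5, "192.168.0.10", 2_000_000), (5, "192.168.0.23", 1_000_000),
]

if __name__ == "__main__":
    mb_s, mbit_s = average_rate(596e9, 17)  # figures quoted in the thread
    print(f"average: {mb_s:.2f} MB/s = {mbit_s:.2f} Mbit/s")
    for minute, total, host, share in find_bursts(SAMPLES):
        print(f"minute {minute}: {total / 1e6:.0f} MB, {share:.0%} from {host}")
```

A burst that is dominated by a single LAN address points at a device inside the network rather than at inbound traffic from outside.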
Sammy, posted January 18, 2016

I occasionally get attempts from other countries trying to get into my system. Obviously to see if they can break in. But it's likely fully automated to cycle through addresses like robocalls and see which ones respond. I forget the setting but see if your router responds to them. There are legit websites that scan all your ports and such for ping responses or if you are essentially blacked out. I am sure you already do this however.

Also, if you did have torrents running somewhere then there is a period of time that other clients will remember you and attempt to see if it can continue downloading a certain file. So that is still something to check out.
KaptCrunch, posted January 19, 2016 (edited)

What is your map of network? WiFi or cabled?

ISP modem > your router > desktop > Xbox > NAS, other

Is the router firmware up to date? Check the Netgear site.

NOTE: READ ALL INSTRUCTIONS on updating firmware and have only the router connected to the computer, no other network devices.

Time Warner firmware is V1.02.19

Firmware is the software running on your cable modem that contains updates and configurations necessary for you to receive Time Warner Cable internet service. The firmware listed is for informational purposes, as it is managed and periodically updated by Time Warner Cable and is, therefore, not configurable by end users.

manual PDF

Read the manual about traceroute; once known the attacking IP then tracert it dos and get info, then report abuse to the carrier / ISP.

Possible that your WiFi is open and leeches are taking bandwidth.

Edited January 19, 2016 by KaptCrunch
KaptCrunch, posted January 19, 2016

What protocol are you using for network? IPv6 or IPv4?