DoS attack Help Pleasssse

[D333333ZNutz]

so i can post most if not all info on here when requested, im having a problem finding a way to stop these dos attacks. i took my modem offline for about 24 hours to allow for the lease on external ip to expire, plugged her back in and was having the same issues almost immediately, i've had to up my data cap to 1.2tb to give me some leeway to figure this out, im about 17 days into this data cycle and without downloading anything ive gone through 596gb of that cap. obviously the tech support for my provider (wavecable) was little to no help, i had to remind them that ive had friends recieve warnings for downloading files and in the warnings the exact file name and location on there computers was listed, so i know when they tell me all they can see as far as data usage is the actual amount of data used, that is bs. Really didnt change anything because they told me to change out equipment and use a malware tool, i spent almost 300 on my modem when i got it last year its a netgear c6300 not one of their pos modems and im not buying a new one just because some dos attacks. 

 

Sooooo after that rant if you think you might be able to help please make any requests for logs or info here and i can pm or post later today when i get back from work

 

 

thanks in advance to any and all that can help me track this and stop this first time ive ever had an issue like this in 15 years

[Sitting-Duc]

If you already changed your IP then it's internal..

 

What makes you think it's a DOS? 596GB over 17 days is like 0.4Mbps - which certainly isn't an attack. Or are you getting short bursts of high traffic?

 

What your provider is saying would be correct for the majority of data transfer - if you use HTTPS they cannot view the actual data. Or if it's a service such as a game where they 'could' see the data but would not be able to decipher it easily.

 

What logs do you have?

 

[Sammy]

Such letters likely were because they downloaded torrents from fakes set up as seeders or clients. Or maybe more likely they were seeders and the various anti-piracy people logged on as clients. Get enough data from the seeder to make sure it isnt a fake. Get the IP. Data and time. Filename. And pass them along to the provider. I dont know about file location however or if its possible to get that information from torrent clients. But it wouldnt surprise me. I dont use bittorrent so I cant say.

[D333333ZNutz]

If you already changed your IP then it's internal..

 

What makes you think it's a DOS? 596GB over 17 days is like 0.4Mbps - which certainly isn't an attack. Or are you getting short bursts of high traffic?

 

What your provider is saying would be correct for the majority of data transfer - if you use HTTPS they cannot view the actual data. Or if it's a service such as a game where they 'could' see the data but would not be able to decipher it easily.

 

What logs do you have?

 

its short bursts of high traffic, my modem/router has logs and i do believe its internal i did have an external ip from china DoS'ng me for a little but that did stop when i reset ip, ill send you a pm with the logs from the modem

[Sammy]

I occasionally get attempts from other countries trying to get into my system. Obviously to see if they can break in. But its likely fully automated to cycle through addresses like robocalls and see which ones respond. I forget the setting but see if your router responds to them. There are legit websites that scan all your ports and such for ping responses or if you are essentially blacked out. I am sure you already do this however. Also, if you did have torrents running somewhere then there is a period of time that other clients will remember you and attempt to see if it can continue downloading a certain file. So that is still something to check out.

[KaptCrunch]

what is your map of network ?   WiFi  or  cabled

 

isp modem> your router> desktop

                                      > Xbox

                                     >NAS  

 

 

 

other is the router firmware up to date  check  netgear site NOTE: READ ALL INSTRUCTIONS on updating firmware and have only the router connected to computer no other network devices.

 

time warner  firmware is  V1.02.19 

 

 Firmware is the software running on your cable modem that contains updates and configurations necessary for you to receive Time Warner Cable internet service. The firmware listed is for informational purposes, as it is managed and periodically updated by Time Warner Cable and is, therefore, not configurable by end users.

 

 

manual PDF  read manual about traceroute, once known the attacking IP then tracert it dos

 

 and get info then report abuse to the carrier / isp

 

possible that your WiFi is open and leaches are taking bandwidth

Edited January 19, 2016 by KaptCrunch

[KaptCrunch]

what protocal are using for network ? 

 

IPv6  or  IPv4