
Monday, October 9th, 2023 8:25 PM

Closed

Been getting denial of service attacks recently, need help

Recently a family member has been streaming his video game to a streaming website, and a person who none of us knows has been shutting down not only the internet but our phone service as well. We have pretty good internet and were curious if there was a way to monitor the incoming traffic to figure out where it is coming from. The family member doesn't interact with this person(s) at all and, like clockwork, every time he connects to their website to stream what he is playing, the interruption to the service starts about 30 mins. to an hour into his streaming until he has to stop streaming. I did some digging around and found out the person(s) involved have been violating 18 U.S.C. section 1030 of the Computer Fraud and Harm Act of 1988, but the larger issue at hand is the phone, which gets cut off when this person(s) does this action, putting a family member that has medical issues in harm's way because the individual(s) are shutting down the modem and our phone services. When the family member who streams tried to call to get help, the service rep was trying to sell him unwanted products and refused to help them out. Please, any help would be appreciated.

Problem Solver


1.5K Messages

2 years ago

If it's a distributed attack directly to your IP address and you are using Xfinity gear, there isn't much you can do about it.  You can try working with Xfinity security, start here:  https://internetsecurity.xfinity.com/help/report-abuse 

You can't spoof your MAC address to get another IP address on possibly a different subnet to shake a script kid attacker with Xfinity gear, and the firewall on their rental equipment is pretty limited.   It can't do anything to slow down an attacker, remember past attackers, or stall out a script, so if you are using port forwarding for this arrangement or gaming, or for some other device on your network, don't do that with rental gear in the future -- if that is how your streaming service works.  If it functions differently, then more details might help.    

You can also exchange your rental gear at an Xfinity store.  It will have a different MAC address then.  You'll get a different IP address.  You might be able to do that by mail too if this link is still accurate:  https://www.xfinity.com/support/articles/returning-your-equipment 

If you are using a dedicated firewall for your networking and a modem, or a gateway in bridge-mode, depending on what you are using, you may have other options and the ability to at least see the network traffic hitting you.  

Gold Problem Solver


5.9K Messages

2 years ago

The real problem is that in order to play games online he had to lower his protection on the Internet.

Problem Solver


1.5K Messages

@MNtundraRET​ It's one of the reasons why I've never been a fan of closed firmware on a consumer gateway.  You just don't have any control over what is allowed.  High/medium/low security??  Well.  They don't seem to want to document exactly what that means on any of them, so that's kind of worthless.

If you have to expose it somehow, then isolating it from the rest of your equipment on a separate subnet, then controlling who exactly it can talk to, and the protocols that are allowed to do that, plus mitigating outright hostile connection attempts "by some means" (something along the lines of fail2ban or snort) with your own firewall rules would be best practice.  

Devil is always in the details.
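A sketch of the "remember past attackers" idea from the reply above (the job fail2ban does), added here as an example and not part of any poster's reply. It assumes you run your own Linux firewall that logs dropped inbound packets in netfilter LOG format; the log lines, addresses and the `find_offenders` name are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: abbreviated netfilter LOG drop records (documentation IP ranges).
SAMPLE_LOG = """\
Oct  9 20:31:01 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.20 PROTO=TCP SPT=51000 DPT=22
Oct  9 20:31:03 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.20 PROTO=TCP SPT=51001 DPT=23
Oct  9 20:31:04 fw kernel: DROP IN=eth0 SRC=192.0.2.44 DST=198.51.100.20 PROTO=UDP SPT=53 DPT=40112
Oct  9 20:31:05 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.20 PROTO=TCP SPT=51002 DPT=3389
Oct  9 20:45:00 fw kernel: DROP IN=eth0 SRC=192.0.2.44 DST=198.51.100.20 PROTO=UDP SPT=53 DPT=40113
Oct  9 20:58:00 fw kernel: DROP IN=eth0 SRC=192.0.2.44 DST=198.51.100.20 PROTO=UDP SPT=53 DPT=40114
"""

# Timestamp, source address, protocol and destination port of a TCP/UDP drop record.
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) .*?SRC=(\S+) .*?PROTO=(\w+) .*?DPT=(\d+)")

def find_offenders(log_text, max_hits=3, window_min=10, year=2023):
    """Return {src_ip: [(proto, dport), ...]} for every source that was dropped
    max_hits or more times inside one sliding window of window_min minutes."""
    window = timedelta(minutes=window_min)
    recent = defaultdict(deque)   # src -> drop timestamps still inside the window
    touched = defaultdict(list)   # src -> every (proto, dport) it has tried
    offenders = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue              # skip anything that is not a TCP/UDP drop record
        stamp, src, proto, dport = m.groups()
        # Syslog timestamps carry no year, so one is assumed for parsing.
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        touched[src].append((proto, int(dport)))
        hits = recent[src]
        hits.append(when)
        while when - hits[0] > window:   # forget drops older than the window
            hits.popleft()
        if len(hits) >= max_hits:
            offenders[src] = touched[src]
    return offenders

if __name__ == "__main__":
    for src, ports in find_offenders(SAMPLE_LOG).items():
        print(src, "->", ports)
```

The flagged addresses are candidates for a block rule or an abuse report; in a UDP flood the source address is often a reflector or spoofed, so it does not by itself identify the person behind the traffic.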

2 Messages

No, I haven't lowered my protection at all; they are going after the router itself.

Problem Solver


1.5K Messages

@user_ge3w7n​ Well, then I would take a hard look at the details of the "gaming server".  Why your public IP address would be public to their users.  Also, why your gear would respond via a "game streamer" connected to it.  

There's an attack vector somewhere.  If you aren't port forwarding (blowing holes in your firewall), there should be zero response to any port, and you wouldn't be a very good target for a DoS attack.  There's just nothing to hit.  Nothing to make use of.

* I would also add, no way to find your IP address to even target it in the first place.  You'd just be a random IP on a really large chunk of IP blocks that didn't respond if you're doing it right.  A canned script kid would just move on to the next IP address.

Do try contacting Xfinity Abuse NOC's though.  Perhaps they can bump your IP address from their end to at least temporarily help you out.
