View Full Version : Getting DDoS'd...
Shodokan
02-17-2012, 05:27 AM
After beating three of the top 5 3's teams on my battlegroup I have continually been getting DDoS'd. It seems they are getting my IP through Skype (I deleted everyone I don't trust).
What can I do to prevent this in the future? Please, any advice... I can't be losing 40 points a game now when I'm sitting at 2400 MMR.
Mokoi
02-17-2012, 05:41 AM
Um, coincidence?
I don't think that there are hundreds or thousands of computers involved in an attack on you (ruling out DDoS) and I don't think anyone with the knowledge to do such a thing (DoS) would risk federal prison to win a match against one team in a game, I have to say. Who is your ISP?
Nobody could be attacking you with a DoS attack and remain online with the same, or attached IPs (so, not in the same house).
I'd say, you got bad timing, and your ISP was taking a dump. It happens :(
Shodokan
02-17-2012, 06:23 AM
Um, coincidence?
I don't think that there are hundreds or thousands of computers involved in an attack on you (ruling out DDoS) and I don't think anyone with the knowledge to do such a thing (DoS) would risk federal prison to win a match against one team in a game, I have to say. Who is your ISP?
Nobody could be attacking you with a DoS attack and remain online with the same, or attached IPs (so, not in the same house).
I'd say, you got bad timing, and your ISP was taking a dump. It happens :(
Couldn't even access my router, it was getting so many packets; there's no coincidence there. I break up like a robot on Skype, Skype DCs, I get DC'd from WoW (it says your connection has been closed or w/e) and it then takes me 5 mins to access my router to change my MAC address so my ISP would lease me a new IP.
This happened 3 times tonight while doing 3s with a particular person (hasn't happened since we stopped). It also happened immediately after adding someone on Skype after beating the rank 3 team on my BG.
It not only happened to me today but also to the other person in the Skype call (who I know isn't a DDoSer since I've known him for 4 months now and played with him almost daily).
IIRC they are using "Low Orbit Ion Cannon"
Mokoi
02-17-2012, 06:40 AM
I'm pretty sure that unless your attackers are using their own ISP, or live in an area with an unsophisticated ISP, all ISPs in the developed world have defenses against LOIC and it would be unlikely for someone to be able to use it. However, I suppose they are really clever, and the joke's on them, since they are using significant brainpower to mess with you. They should be making millions with good inventions :P
Shodokan
02-17-2012, 06:45 AM
I'm pretty sure that unless your attackers are using their own ISP, or live in an area with an unsophisticated ISP, all ISPs in the developed world have defenses against LOIC and it would be unlikely for someone to be able to use it. However, I suppose they are really clever, and the joke's on them, since they are using significant brainpower to mess with you. They should be making millions with good inventions :P
http://www.arenajunkies.com/topic/218736-ddosers-revealed/
http://www.arenajunkies.com/topic/218587-addressing-ddos-attacks/
Tons of top players are getting targeted.
Fatalis
02-17-2012, 08:23 AM
Use a proxy. I can write more on the subject later. At work right now, writing on my phone.
zenga
02-17-2012, 09:36 AM
The DDoS story is well known. The guy who did it even got exposed. I can explain in detail how to avoid it: it involves a remote server to set up a proxy or an SSH tunnel and an extra piece of software (around 30$) on your PC. The biggest part is setting up a server. I used a simple Linux shell account to set Squid up, but it was a European one (talking about 5-10$ a month). Though Squid might not be needed (on some vshells you can't even install it or they don't want you to), where you can use a simple SSH tunnel then. You have the choice between running your Skype on a separate IP from your WoW, or running both through a way more secure environment. If you are interested, chuck me a PM and I'll explain.
All I can think while reading this thread is 'how pathetic that people would go to these kinds of lengths to get an unfair advantage in arenas...'
Makes me glad that I don't have any interest in serious PvP. Our guild recently put out a recruitment thread on the WoW forums looking to add some RBG recruits and, judging by the applicants that have responded, it has only reinforced the stereotype of your average PvPer having the IQ of a walnut (apologies to those of you who do PvP and aren't knuckledraggers). Needless to say we haven't filled a single spot on our roster through the recruitment process in 3+ weeks of advertising...
honeypot2011
02-17-2012, 11:31 AM
Did you watch the video of the guy being DDoS'ed... and the mini revenge... if he ends up on Judge Judy :)
http://www.youtube.com/watch?v=tsQwAJx_Jdo&feature=player_embedded#!
eh. Wha-?
Forgo the occasional internet complaint about "being DDoS'd"; I'd be more likely to accept that there is another problem. Virus, poor ISP, firewall is down, AVP is off, peer-to-peer is on and unrestricted, firmware out of date, using static IP? etc.
Keep in mind that some people (uneducated mostly) will automatically jump to conclusions and label something too quickly. So when searching the internet nowadays, take it with a little salt and do a lot of research. Check your system's settings etc etc. If say 8 million subs play a game and 1K "believe" they are a victim of attacks, the likelihood of 0.013% of that demo being wrong is high.
I'd strongly suggest a complete system-wide check. Firmware, viruses, malware, SpybotS&D, UnHackMe, unplug from the grid and resolve the issue or eliminate the variable that it's more probable that the local computer is compromised. Then diagnose the network, and then call a service tech for your ISP.
Fatalis
02-17-2012, 04:19 PM
I think it's highly likely you WERE being DoS'ed or DDoS'ed. Considering the circumstances and the well documented problems of late I find it hard to believe that it should be anything else. Of course what Apps said should be considered first and foremost but it's one hell of a coincidence that suddenly when you're amongst the top contenders you get this problem of being DC'ed while in arena. As I said it's been well documented by now that this is going on and it's not a new thing either, it just got more widespread than it used to be. The thing is, there have been two different tactics on DC'ing opponents in arena.
#1 Using an exploit/bug in WoW to DC others.
#2 (D)Dos attacks
Most in category 1 get stomped out rather fast because it spreads like wildfire and has been used in rated BGs as well. Since it's done via actions in WoW it is also very easy for Blizzard to track and punish. So these problems get sorted by themselves in time. The problem with this tactic is that you often can't defend against them at all - except from not playing until it's fixed.
Category 2 with DoS attacks is a lot harder to avoid since Blizzard has little to do with it. I am sure that they will ban people who use it if it's proven, which has been the case before. Not long ago several were banned because of this, but it took quite a while for this to happen.
What you can do, as already mentioned, is to route through a proxy. Find somewhere you can get a free SSH account. Download PuTTY, connect to the account via PuTTY and have it port forward on port 1234. Then via Skype, toggle automatic proxy detection and set it to SOCKS proxy 127.0.0.1 port 1234. Close down Skype and open it again. Now no one should be able to see your IP via Skype anymore.
Now at least no one should be able to get your IP from Skype in the future.
You can do a lot to protect your router, depending on what router you have. Cisco is really good, but you probably have something along the lines of a Linksys. Linksys also has some settings that can help.
Here is a quotation from Steve Riley on Router security:
#1 Block all inbound traffic where the source address is from your internal networks. Why in the world would there be traffic on the outside that originates from the inside? This is a sign that someone is spoofing you.
#2 Block all outbound traffic where the source address isn't from your internal networks. This is the inverse of #1: there's never any reason for your network to emit traffic that's sourced from some other network. Someone on the inside is spoofing someone else (we have a term for such people: employee).
#3 Block all inbound and outbound traffic where the source or destination addresses are from the private address ranges. Defined in RFC1918 (ftp://ftp.rfc-editor.org/in-notes/rfc1918.txt), these addresses are for use in internal networks; ISPs agree not to route such traffic. Of course, ISPs make configuration mistakes, too; I've seen traffic with these addresses on the Internet. So don't trust that your ISP is perfect, block the stuff yourself. And remember to include the Windows automatic private IP addressing block. The ranges, then, are: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, and 169.254.0.0/16.
#4 Block all source-routed packets. Way back in 1970, when "routers" were Unix computers running a routing daemon, they weren't all that reliable. So IP (ftp://ftp.rfc-editor.org/in-notes/rfc791.txt) includes a provision for the headers of a packet to indicate the route the packet should take from its source to its destination. Source-routing was necessary then, but it's completely unnecessary today: routers are some of the most reliable gear around. Source-routed traffic is the sign of an attack: drop it all.
#5 Block all broadcast packets, including directed broadcasts. Broadcasts are useful inside a network, but have pretty much zero utility between networks, so don't let the stuff in (or out). And good old smurf (http://en.wikipedia.org/wiki/Smurf_attack) attacks, still seen as a form of revenge in IRC, rely on directed broadcasts. [Thanks to Michael Dragone (http://www.mikerochip.com/) for suggesting this additional rule.]
#6 Block all packet fragments. Fragrouter (http://www.live.com/?q=fragrouter) is an old but wonderful tool, eminently useful for evading network intrusion detection. With it, an attacker can create packet fragments -- TCP or UDP packets missing the TCP or UDP header -- and, for example, map out your firewall policy and prod for holes and mistakes in your configuration. With one notable exception, fragments are generally not created, so there's no reason to permit them into your network. What's the exception? IPsec -- or, more precisely, IKE authentication in IPsec. During the authentication sequence, IKE performs six round trips between the peers. As the peers negotiate a protection suite and exchange keys, IKE generates fragments: very rarely will the key fit in a single packet. So if you're allowing IPsec between the Internet and something behind your border router, you'll need to skip this final rule.
I would, if I were you, look through your router settings and see what options you have that could help you against attacks. Such as ip verify unicast reverse-path.
Try and play around with your router settings and see what you can find. I hope some of this can help you out.
Cheers and good luck :)
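The border-filter rules quoted in the post above, written out as a small packet classifier. This is an added example, not part of the thread or of Steve Riley's text; the `Packet` fields, the function names and the sample addresses (documentation ranges) are constructed for illustration. It assumes a border router in front of a publicly addressed network, since on a NAT home router the inside network is itself in the private ranges.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Private and link-local ranges listed in the quoted rules.
PRIVATE_NETS = [ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]
# IPv4 option types for loose (131) and strict (137) source routing.
SOURCE_ROUTE_OPTIONS = {131, 137}
LIMITED_BROADCAST = ip_address("255.255.255.255")


@dataclass
class Packet:
    direction: str              # "in" = from the Internet, "out" = leaving the site
    src: str
    dst: str
    ip_options: tuple = ()      # IPv4 option type numbers present in the header
    more_fragments: bool = False
    frag_offset: int = 0


def border_filter(pkt, internal_nets, allow_fragments=False):
    """Return (verdict, reason); rules are checked in the order they are quoted."""
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    src_internal = any(src in net for net in internal_nets)

    if pkt.direction == "in" and src_internal:
        return "drop", "inbound packet claims an internal source"
    if pkt.direction == "out" and not src_internal:
        return "drop", "outbound packet has a non-internal source"
    if any(addr in net for addr in (src, dst) for net in PRIVATE_NETS):
        return "drop", "private or link-local address"
    if SOURCE_ROUTE_OPTIONS & set(pkt.ip_options):
        return "drop", "source-routed packet"
    # Directed broadcasts are recognised only for the site's own networks here.
    if dst == LIMITED_BROADCAST or any(
            dst == net.broadcast_address for net in internal_nets):
        return "drop", "broadcast or directed broadcast"
    # allow_fragments=True models the IPsec/IKE exception in the last rule.
    if (pkt.more_fragments or pkt.frag_offset > 0) and not allow_fragments:
        return "drop", "packet fragment"
    return "accept", "no rule matched"


# Constructed sample data: documentation address blocks, not real hosts.
INTERNAL = [ip_network("203.0.113.0/24")]
SAMPLES = [
    Packet("in", "198.51.100.7", "203.0.113.10"),
    Packet("in", "203.0.113.50", "203.0.113.10"),
    Packet("out", "198.51.100.7", "192.0.2.1"),
    Packet("in", "10.1.2.3", "203.0.113.10"),
    Packet("in", "198.51.100.7", "203.0.113.10", ip_options=(131,)),
    Packet("in", "198.51.100.7", "203.0.113.255"),
    Packet("in", "198.51.100.7", "203.0.113.10", more_fragments=True),
]


def evaluate(samples=SAMPLES, **kwargs):
    return [border_filter(p, INTERNAL, **kwargs) for p in samples]


if __name__ == "__main__":
    for pkt, (verdict, reason) in zip(SAMPLES, evaluate()):
        print(f"{pkt.direction:3} {pkt.src:15} -> {pkt.dst:15} {verdict}: {reason}")
```
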
traedoril
02-17-2012, 04:26 PM
For those who said that you could not be online and DDoS someone, you are unfortunately incorrect. Any house with two separate routers set up can cache IP addresses local only to one router and DDoS anyone while still remaining online in arenas. This is a well documented problem at higher ratings and something has to be done to stop it.
Shodokan
02-17-2012, 08:04 PM
My router won't let me block certain incoming traffic from what I've seen :(
valkry
02-18-2012, 02:13 AM
Um, coincidence?
I don't think that there are hundreds or thousands of computers involved in an attack on you (ruling out DDoS) and I don't think anyone with the knowledge to do such a thing (DoS) would risk federal prison to win a match against one team in a game, I have to say. Who is your ISP?
Nobody could be attacking you with a DoS attack and remain online with the same, or attached IPs (so, not in the same house).
I'd say, you got bad timing, and your ISP was taking a dump. It happens :(
Have you not met the internet?
HPAVC
02-18-2012, 09:37 AM
So there is a blog or forum that is feeding someone asshats ip addresses.
So a WoW forum/blog for example you logged into would give them your IP address, from there they would target that address. Getting that address to correspond to arena people would either mean an arena-specific blog or them knowing something specific about you. Them knowing something specific about you would mean you filling out your server/guild/character name someplace (like ej, team/comp signature app, or using a tool like tune by reforges, etc)
There is no way someone playing the game is going to decide they want to DDoS you and then attack your router. Barring them living in your dorm, house, or similar.
My guess if this paranoia is for reals is that a blog got hacked and they don't know it.
If you're also running BitTorrent software downloading 'stuff', these attacks happen often days after you stop downloading and pack up the client and switch ports, even if you pick up someone else's IP the attack is still there. That's just part of that game. I would think that is the real source of this. The attacks on torrent downloaders are essentially a test bed on how to attack people, with the excuse that they are torrent downloaders.
zenga
02-18-2012, 10:17 AM
So there is a blog or forum that is feeding someone asshats ip addresses.
So a WoW forum/blog for example you logged into would give them your IP address, from there they would target that address. Getting that address to correspond to arena people would either mean an arena-specific blog or them knowing something specific about you. Them knowing something specific about you would mean you filling out your server/guild/character name someplace (like ej, team/comp signature app, or using a tool like tune by reforges, etc)
There is no way someone playing the game is going to decide they want to DDoS you and then attack your router. Barring them living in your dorm, house, or similar.
My guess if this paranoia is for reals is that a blog got hacked and they don't know it.
If you're also running BitTorrent software downloading 'stuff', these attacks happen often days after you stop downloading and pack up the client and switch ports, even if you pick up someone else's IP the attack is still there. That's just part of that game. I would think that is the real source of this. The attacks on torrent downloaders are essentially a test bed on how to attack people, with the excuse that they are torrent downloaders.
Links to the place where you can read more about it (AJ) were stated above. You are obviously entitled to your own opinion, but - no offence intended - it's irrelevant because it's a fact that many of the teams competing for the top spots in several BG's have been the target of ddos attacks. There are multiple ways to acquire someone his / her IP. Skype has been one of them. I could host a transparent 1x1 pixel on a server of mine, and send you a forum PM. And I can basically see everyone who loaded that image, including their IP. And there are many other 'tricks' to get it.
Fact is; it has happened and it's still happening.
Also it's cheaper and much easier to obtain the 'means' to do it. It doesn't take a skilled hacker to do it.
valkry
02-18-2012, 11:18 AM
In the words of my mate when I told him about this thread, "morons can and do DDoS people, it's pretty fucking easy"
Ashley
02-18-2012, 11:54 AM
Common misconception: Blocking inbound traffic at home isn't going to stop you being DDoS'ed. This is just going to stop any data from them entering your home network. Basically you can block them from coming into your home but they're still able to march around your driveway so you can't get out.
What they're doing is saturating your max download speed and there is ultimately nothing you can do about it as it's the connection between you and your ISP. Filing an abuse complaint with your ISP giving them a reason to change your IP is the first step you should take.
Then use a second computer for Skype only but have a VPN/proxy on this (really cheap to order online with things like hidemyass or hotspot defender etc).
This way all your Skype calls will appear to be coming from an IP you don't actually own so if the tards decide to DDoS that, you can still play WoW.
Alternatively, buy your own TS/Vent server and get your team to connect to that so only you can see their IPs.
You must get your IP changed though, that's the most important step right now.
Kruschpakx4
02-18-2012, 02:29 PM
Change your IP and make sure they don't get it a second time, don't click any links from strangers and don't create an account with your character on arenajunkies.
"morons can and do DDoS people, it's pretty fucking easy"
Sad but true, it's common for multi #1 players like arcurio/inspirenz who are well known on arenajunkies for DDoSing people, but since Blizzard can't intervene, who's gonna stop them?
Shodokan
02-19-2012, 06:41 AM
Links to the place where you can read more about it (AJ) were stated above. You are obviously entitled to your own opinion, but - no offence intended - it's irrelevant because it's a fact that many of the teams competing for the top spots in several BG's have been the target of ddos attacks. There are multiple ways to acquire someone his / her IP. Skype has been one of them. I could host a transparent 1x1 pixel on a server of mine, and send you a forum PM. And I can basically see everyone who loaded that image, including their IP. And there are many other 'tricks' to get it.
Fact is; it has happened and it's still happening.
Also it's cheaper and much easier to obtain the 'means' to do it. It doesn't take a skilled hacker to do it.
Nope... it's stupid easy... just need zombie computers and a program to tell all the slaves to ping a particular address at once.... tada.
Ashley
02-19-2012, 12:58 PM
You don't even need that, you just need faster upstream than they have downstream and you can 'DDoS'.
One compromised server with 100mbps is usually sufficient. Or perhaps someone actually owns a connection they use to DDoS with.
zenga
02-19-2012, 11:25 PM
NAO finals ... one team getting constantly DC'd ... can be coincidence of course.
Edit: they actually had a situation where both teams had a dc during the final and eventually had to stop the game. A complete shame, and it will happen again :/
Shodokan
02-20-2012, 06:01 AM
NAO finals ... one team getting constantly DC'd ... can be coincidence of course.
Edit: they actually had a situation where both teams had a dc during the final and eventually had to stop the game. A complete shame, and it will happen again :/
Snuts was DDoSed during offline play as well; apparently they finished the set off stream. I dunno though.
Svpernova09
02-20-2012, 12:40 PM
They're supposed to finish sometime mid week and post the videos. There's a good amount of rage going on at AJ. I think the tournament was quite well overall.
Homer
07-21-2012, 04:17 PM
Nope... it's stupid easy... just need zombie computers and a program to tell all the slaves to ping a particular address at once.... tada.
Even easier: all you need is 5 bucks a month. Let a website do your DDOSing. Makes it a shitload harder to trace you and is a real DDOS. By definition of the word. BTW these services can grab your IP just with your Skype username so be careful who gets ahold of yours if you do not know how to protect yourself.
You don't even need that, you just need faster upstream than they have downstream and you can 'DDoS'.
One compromised server with 100mbps is usually sufficient. Or perhaps someone actually owns a connection they use to DDoS with.
That is a DOS. You can't "own" a DDOS connection because you can't DDOS by yourself (ofc it's possible but you would need a lot of money, computers and ironically would have to box DDOS programs lol).
If a single person DOS's you, well then it's funny. W/e your speed is, they're using more to take you down, which is being taken up by their bandwidth. A kid on his computer will go over the cap in minutes.
Also you can DOS someone from the /run command.
Catamer
07-22-2012, 01:13 PM
I have continually been getting DDoS'd. It seems they are getting my IP through Skype.
My solution is quite simple... don't Skype, use something else like Ventrilo which will hide your IP address.
If you really must use Skype, then I guess you will have to do it from an alternate IP address than what your gaming machine uses (alternate DSL, cable modem or one of those cell phone hot spots).