Getting DDoS'd...

[Fatalis]

I think it's highly likely you WERE being dos'ed or ddosed. Considering the circumstances and the well documented problems of late i find it hard to believe that it should be anything else. Of course what Apps said should be considered first and foremost but it's one hell of a coincidence that surrendly when you're amongst the top contenders you get this problem of being dc'ed while in arena. As i said it's been well documented by now that this is going on and it's not a new thing either, it just got more widespread than it used to be. The thing is, there has been two different tactics on dc'ing opponents in arena.

#1 Using an exploit/bug in WoW to DC others.
#2 (D)Dos attacks

Most in catagory 1 gets stomped out rather fast because it spreads like wildfire and has been used in rated bg's aswell. Since it's done via actions in WoW it is also very easy for Blizzard to track and punish. So these problems gets sorted by themselves in time. The problem with this tactic is that you often can't defend against them at all - except from not playing until it's fixed.

Catagory 2 with DoS attacks is alot harder to avoid since Blizzard has little to do with it. I am sure that they will ban people who use it if it's proven, which has been the case before. Not long ago several were banned because of this, but it took quite awhile for this to happen.

What you can do, as already mentioned is to route through a proxy. Find somewhere you can get a free SSH account. Download PuTTY, connect to the account via PuTTY and have it port forward on port 1234. Then via skype have toggle automatic proxy detection and set it to socks proxy 127.0.0.1 port 1234. Close down skype and open it again. Now noone should be able to see your IP via skype anymore.

Now atleast noone should be able to get your IP from skype in the future.

You can do alot to protect your router, depending what router you have. Cisco is really good, but you probably have something in the lines of a Linksys. Linksys also has some setings that can help.

Here is a quotation from Steve Riley on Router security:

1. Block all inbound traffic where the source address is from your internal networks. Why in the world would there be traffic on the outside that originates from the inside? This is a sign that someone is spoofing you.
2. Block all outbound traffic where the source address isn't from your internal networks. This is the inverse of #1: there's never any reason for your network to emit traffic that's sourced from some other network. Somone on the inside is spoofing someone else (we have a term for such people: employee).
3. Block all inbound and outbound traffic where the source or destination addresses are from the private address ranges. Defined in RFC1918, these addresses are for use in internal networks; ISPs agree not to route such traffic. Of course, ISPs make configuration mistakes, too; I've seen traffic with these addresses on the Internet. So don't trust that your ISP is perfect, block the stuff yourself. And remember to include the Windows automatic private IP addressing block. The ranges, then, are: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, and 169.254.0.0/16.
4. Block all source-routed packets. Way back in 1970, when "routers" were Unix computers running a routing deamon, they weren't all that reliable. So IP includes a provision for the headers of a packet to indicate the route the packet should take from its source to its destination. Source-routing was necessary then, but it's completely unnecessary today: routers are some of the most reliable gear around. Source-routed traffic is the sign of an attack: drop it all.
5. Block all broadcast packets, including directed broadcasts. Broadcasts are useful inside a network, but have pretty much zero utility between networks, so don't let the stuff in (or out). And good old smurf attacks, still seen as a form of revenge in IRC, rely on directed broadcasts. [Thanks to Michael Dragone for suggesting this additional rule.]
6. Block all packet fragments. Fragrouter is an old but wonderful tool, imminently useful for evading network intrusion detection. With it, an attacker can create packet fragments -- TCP or UDP packets missing the TCP or UDP header -- and, for example, map out your firewall policy and prod for holes and mistakes in your configuration. With one notable exception, fragments are generally not created, so there's no reason to permit them into your network. What's the exception? IPsec -- or, more precisely, IKE authentication in IPsec. During the authentication sequence, IKE performs six round trips between the peers. As the peers negotiate a protection suite and exchange keys, IKE generates fragments: very rarely will the key fit in a single packet. So if you're allowing IPsec between the Internet and something behind your border router, you'll need to skip this final rule.

I would, if i were you, look through your router settings and see what options you have that could help you against attacks. Such as ip verify unicast reverse-path.

Try and play around with your router settings and see what you can find. I hope some of this can help you out.

Cheers and good luck

[traedoril]

For those who said that you could not be online and DDoS someone you are unfortunately incorrect. Any house with two seperate routers set up can cache IP addresses local only to one router and DDoS anyone while still remaining online in arenas. This is a well documented problem at higher ratings and something has to be done to stop it.

[Shodokan]

My router won't let me block certain incoming traffic from what i've seen

[valkry]

Um, coincidence?

I don't think that there are hundreds or thousands of computers involved in an attack on you (ruling our DDoS) and I don't think anyone with the knowledge to do such a thing (DoS) would risk federal prison to win a match against one team in a game, I have to say. Who is your ISP?

Nobody could be attacking you with a DoS attack and remain online with the same, or attached IPs (so, not in the same house).

I'd say, you got bad timing, and your ISP was taking a dump. it happens

Have you not met the internet?

[HPAVC]

So there is a blog or forum that is feeding someone asshats ip addresses.

So a wow forum/blog for example you logged into would give them your ip address, from there they would target that address. Getting that address to correspond to arena people would either mean arena specific blog or them knowing something specific about you. Them knowing something specific about you would mean you filling out a your server/guild/character name someplace (like ej, team/comp signature app, or using a tool like tune by reforges, etc)

There is no way someone playing the game is going to decide they want to ddos you and then attack your router. Baring them living in your dorm, house, or similar.

My guess if this paranoia is for reals is that a blog got hacked and they don't know it.

If your also running bit torrent software downloading 'stuff', these attacks happen often days after you stop downloading and pack up the client and switch ports, even if you pick up someone elses ip the attack is still there. That's jut part of that game. I would think that is the real source of this. The attacks on torrent downloaders is essentially a test bed on how to attack people, with the excuse that they are torrent downloaders.

[zenga]

So there is a blog or forum that is feeding someone asshats ip addresses.

So a wow forum/blog for example you logged into would give them your ip address, from there they would target that address. Getting that address to correspond to arena people would either mean arena specific blog or them knowing something specific about you. Them knowing something specific about you would mean you filling out a your server/guild/character name someplace (like ej, team/comp signature app, or using a tool like tune by reforges, etc)

There is no way someone playing the game is going to decide they want to ddos you and then attack your router. Baring them living in your dorm, house, or similar.

My guess if this paranoia is for reals is that a blog got hacked and they don't know it than many would think. It doesn't take a skilled hacker to do it.

If your also running bit torrent software downloading 'stuff', these attacks happen often days after you stop downloading and pack up the client and switch ports, even if you pick up someone elses ip the attack is still there. That's jut part of that game. I would think that is the real source of this. The attacks on torrent downloaders is essentially a test bed on how to attack people, with the excuse that they are torrent downloaders.

Links to the place where you can read more about it (AJ) were stated above. You are obviously entitled to your own opinion, but - no offence intended - it's irrelevant because it's a fact that many of the teams competing for the top spots in several BG's have been the target of ddos attacks. There are multiple ways to acquire someone his / her IP. Skype has been one of them. I could host a transparent 1x1 pixel on a server of mine, and send you a forum PM. And I can basically see everyone who loaded that image, including their IP. And there are many other 'tricks' to get it.

Fact is; it has happened and it's still happening.

Also it's cheaper and much easier to obtain the 'means' to do it. It doesn't take a skilled hacker to do it.

[valkry]

In the words of my mate when I told him about this thread, "morons can and do DDoS people, it's pretty fucking easy"

[Ashley]

Common misconception: Blocking in-bound traffic at home isn't going to stop you being DDoS'ed. This is just going to stop any data from them entering your home network. Basically you can block them from coming into your home but they're still able to march around your drive way so you can't get out.

What they're doing is saturating your max download speed and there is ultimately nothing you can do about it as its the connection between you and your ISP. Filing an abuse complaint with your ISP giving them a reason to change your IP is the first step you should take.

Then use a second computer for skype only but have a VPN/Proxy on this (really cheap to order online with things like hidemyass or hotspot defender etc).

This way all your skype calls will appear to be coming from an IP you don't actually own so if the tards decide to DDoS that, you can still play WoW.

Alternatively, buy your own TS/Vent server and get your team to connect to that so only you can see their IPs.

You must get your IP changed though, thats the most important step right now.

[Kruschpakx4]

cange your ip and make sure they dont get it a second time, dont click any links from stranger and dont create an account with your character on arenajunkies

"morons can and do DDoS people, it's pretty fucking easy"

sad but true, its common for multi #1 players like arcurio/inspirenz who are well known on arenajunkies for ddosing people but since blizzard cant intervene whos gonna stop them?

[Shodokan]

Links to the place where you can read more about it (AJ) were stated above. You are obviously entitled to your own opinion, but - no offence intended - it's irrelevant because it's a fact that many of the teams competing for the top spots in several BG's have been the target of ddos attacks. There are multiple ways to acquire someone his / her IP. Skype has been one of them. I could host a transparent 1x1 pixel on a server of mine, and send you a forum PM. And I can basically see everyone who loaded that image, including their IP. And there are many other 'tricks' to get it.

Fact is; it has happened and it's still happening.

Also it's cheaper and much easier to obtain the 'means' to do it. It doesn't take a skilled hacker to do it.

Nope... its stupid easy... just need zombie computers and a program to tell all the slaves to ping a particular address at once.... tada.