Post by Deleted on Mar 5, 2014 17:43:56 GMT
I've seen many people here thinking that they need to keep their IP address a secret from most people because they think otherwise they'll get DDoSed. This is not the case, and I'm here to explain why.
Sure, there might be more suited people to explain this (TheCJGCJG, Madgeek, Darth, etc.), but they're generally too busy to write something like this up.
Anyway, this is digressing from the point of this thread, time to explain the reality of IP addresses and how secret you should be with them.
Your external IP address is a public address, so per the name of it, it doesn't really do harm to share it around. It's really easy for a web server to get your IP: it's contained in the $_SERVER['REMOTE_ADDR'] variable in PHP, and this can be easily logged for people to see. Of course without you logging in to the particular website you're on, it can't match it with anyone, but the IP address is still there, for them to see and do whatever they need to do with it. When you connect to a Minecraft server, your IP address is logged there as well, where people with the appropriate level of access can view your IP, and this time, it's really easy to match it up to someone, since you log onto the server with your Minecraft name. As you can see from these examples, it's not hard for people to get hold of your IP. From this alone, sharing around your IP with people who need it for a reason is perfectly fine (of course, some random person who asks "What's your IP?" without you regularly talking to them, or without any reason at all (like whitelisting your IP for something, such as a Squid proxy), is most likely out to get your IP to DDoS you, or do other harmful things).
Also to be fair, just posting your IP address on forums like this is generally fine also, since most people either don't know what they're doing, or have no intention of attacking you. I've done it once on the "Post your background" or whatever thread. Have I received any form of DDoS since then? No. Why? Because no one had the intention of attacking me, or they had no idea how to actually go about an attack. And to prove the point, I shall do it again: 82.22.30.160 - that's my actual IP, I can assure you that I won't be DDoSed because of this thread (and those who actually know what they're doing, don't bother to just prove me wrong xD).
Now onto the attacker's side of things:
Sure, if you post your IP around, it'll make their lives easier to get hold of your IP to DDoS you, but the fact is, if an attacker actually wants to DDoS you, they will get your IP through other means. This can be possible by using a program like Wireshark while on a Skype call, or even IM, to get your IP (note: this only works if you're on the attacker's contacts, or if you have the setting turned off). This is also possible to be done through a variety of other programs, like playing on your Xbox for example. Getting hold of an IP address isn't exactly a hardship if you know what you're doing.
Now onto the subject of the actual attack. There are many different ways that a DDoSer can attack you: UDP, TCP, SYN, Slowloris, NTP, DNS, ICMP, and lots more. UDP, NTP, ICMP and DNS methods can be amplified to deal a lot more damage than your actual internet speed is. This can be used over many servers to become a really powerful DDoS attack. These methods (with the exception of Slowloris) can be used effectively against your home internet line. There's another load of methods (HTTP, Slowloris, and more) that can be used more effectively against web servers.
You may ask, how can HTTP be used to attack a web server? It can be used for using an array of HTTP/SOCKS (any), to a web server that can't handle the amount of requests. Sure this wouldn't work on big websites such as Facebook, but for your average person on average hosting, it'll cap it out and then the web server will crash. There's only about half a dozen web servers that are affected by this type of attack (Apache 1.x, Apache 2.x, dhttpd, GoAhead WebServer, WebSense "block pages", Trapeze Wireless Web Portal, Verizon's MI424-WR FIOS Cable modem, Verizon's Motorola Set-top box (port 8082 and requires authentication) and BeeWare WAF).
In the event of being DDoSed, there are a few things you can do when/if you get attacked. You can first try to restart your router (this won't really work if you're on a static or sticky IP), and if this doesn't work, you can log into your router's admin panel and renew its lease, and if this doesn't work you can change the MAC address of your router as well. If this doesn't work, and your internet has been down for over 3 hours, ring your ISP and ask for them to fix your internet.
Just because your internet is getting slower, or is down, doesn't mean it's because you're being DDoSed. It could be your ISP doing maintenance, or your internet line being down for some other reason. You need to be actually sure that it is a DDoS first, which is actually quite hard to do without having a Linux box running as your router running special router software.
Hopefully this has cleared up your misconception with IP addresses and how secret you need to be with them. The best way to avoid being DDoSed is to be on a VPN all of the time. You can buy an array of high quality VPNs from me if you want.
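An added example, not part of the original post: a defender-side sketch of the "be sure it is a DDoS first" check, run over flow summaries such as a Linux router could export. It separates a line saturated by unsolicited NTP/DNS replies from ordinary traffic or a plain outage. The record format, the function names and the thresholds are assumptions made for illustration, and the sample records are constructed.

```python
from collections import Counter

# UDP source ports of the amplifiable services the post names (NTP, DNS).
REFLECTOR_PORTS = {123: "NTP", 53: "DNS"}

def parse(line):
    """One constructed record: 'secs proto src_ip src_port dst_port bytes'."""
    ts, proto, src, sport, dport, size = line.split()
    return float(ts), proto, src, int(sport), int(dport), int(size)

def assess(lines, line_bps, own_queries=frozenset()):
    """Decide whether inbound traffic seen at the router looks like a
    reflection flood. own_queries holds the (server_ip, port) pairs this
    network really queried, so their replies count as solicited."""
    recs = [parse(l) for l in lines if l.strip()]
    if not recs:
        return {"verdict": "no inbound traffic: line outage, not a flood"}
    span = max(r[0] for r in recs) - min(r[0] for r in recs) or 1.0
    total = sum(r[5] for r in recs) or 1
    by_service, sources = Counter(), set()
    for _ts, proto, src, sport, _dport, size in recs:
        # Unsolicited reply: UDP from a reflector port we never queried.
        if (proto == "udp" and sport in REFLECTOR_PORTS
                and (src, sport) not in own_queries):
            by_service[REFLECTOR_PORTS[sport]] += size
            sources.add(src)
    utilisation = total * 8 / span / line_bps
    share = sum(by_service.values()) / total
    # Assumed thresholds: line >= 80% full, >= half of it unsolicited
    # reflector replies, arriving from at least three distinct hosts.
    flood = utilisation >= 0.8 and share >= 0.5 and len(sources) >= 3
    return {"verdict": "likely reflection flood" if flood else "no flood evidence",
            "utilisation": round(utilisation, 2), "unsolicited_share": round(share, 2),
            "reflectors": len(sources), "by_service": dict(by_service)}

# Constructed samples (documentation address ranges), one-second window.
FLOOD = [f"{i / 100:.2f} udp 198.51.100.{i % 5 + 1} 123 {40000 + i} 12500"
         for i in range(101)]
NORMAL = ["0.00 tcp 203.0.113.10 443 51000 1400",
          "0.50 udp 192.0.2.53 53 53001 120",
          "1.00 tcp 203.0.113.10 443 51000 1400"]

if __name__ == "__main__":
    print(assess(FLOOD, 10_000_000))
    print(assess(NORMAL, 10_000_000, {("192.0.2.53", 53)}))
```

A "no flood evidence" result while the line is slow points back at the other causes the post lists, such as ISP maintenance.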