Am I DDoSed?

[Ninsew]

Hi.

I recently started streaming, and it's been going pretty well for me - usually at 100 viewers.
But with the fame comes the hate, and I'm pretty sure I'm getting DDoSed.

It started a couple of days ago, when I tried to make a Mirror's Edge stream. All of a sudden, stream DC'ed and I couldn't reconnect. I tried using Google Chrome, and it kinda worked for a while (took ages to load websites but eventually they did). However, after a couple of minutes the internet completely died for me and I couldn't reconnect for about an hour.

Then, during a raid last sunday, just when I joined the raid, I started to have insanely high latency (about 2k ms) and Mumble started to lag. I finally got DC and couldn't get back online for like an hour. I used some of my AWESOME COMPUTER KNOWLEDGE and did some magic in cmd (ipconfig /release and ipconfig /renew ) and got my shiet to work.

This morning, I had no problems, until 15minutes after going live on my stream. I got the lag shitty, went offline and did my CMD magic again. I got myself a proxy, which gave me a file that i "Merged" to hide my IP from Skype. Afterwards, I closed Skype, did some CMD magic and it was fine the entire day!..

.. until a minute after getting into my raid. Started on trash, had some problems, whispered my Raid Leader telling him I probably couldn't play. He said "give it a try" and it really didn't work. During our 2nd try, this happend:

http://www.youtube.com/watch?v=0JYNo2WNUPw

The noice you can hear in the background is Mumble. They are talking, but it's lagging A LOT.

I told my RL I had to get replaced, and then my internet completely went off. I tried to ping reddit.com, and noticed really high MS + not all of the pings coming back, so I tried to release and renew my internet connections - didn't work. Went AFK for about half an hour, and here we are, internet works.





I need help to know if this is a DDoS, or something wrong with my internet provider. Imo it really seems like a DDoS, and I kinda know networking. Plus it's wierd if I get this shit when I start to do important stuff (starting to raid, turning on the stream ect). If it's DDoS, a link to a working guide to preventing DDoS would be awesome.

[Ripox]

I don't think you're being ddosed.

[Speaker]

I would not use skype, even if you got something that supposedly hides your IP. And it may only be happening during raiding/streaming because that is when your network traffic is highest, and your network may not be handling it well. It could be your modem, it could be your router, it could be your ISP, it could be DDoS. I can't really help you much, sorry.

[Ninsew]

I don't think you're being ddosed.

Why not? What do you base your theories on? What else could it be?

[Theodon]

open up the CLI and type netstat -na and post what that says when you are lagging. If you are getting DDoS attacks then you should have loads of UDP packets from the same IP address. If the person doing the DDoS is lazy then you might be able to get away with blocking a few IP address ranges on your router and solve the issue.

Obviously only do that when you are idle as streaming something like a video will likely generate a lot of UDP packets. Most traffic when you are idle should be TCP though.

[Ninsew]

open up the CLI and type netstat -na and post what that says when you are lagging. If you are getting DDoS attacks then you should have loads of UDP packets from the same IP address. If the person doing the DDoS is lazy then you might be able to get away with blocking a few IP address ranges on your router and solve the issue.

Obviously only do that when you are idle as streaming something like a video will likely generate a lot of UDP packets. Most traffic when you are idle should be TCP though.

Loads as in 15 or as in 500?

[Theodon]

Loads as in 15 or as in 500?

I'm not entirely sure, but a DDoS is so many that you just have no bandwidth to do anything else, so I'd assume loads as in "HOLY SHIT! look at all of those!" loads.

The amount of packets sent depend on the bot used I think. Some can send upto a million a second. Going from that I'd assume a DDoS would stand out enough to be obvious which IP, or IPs, are the source. If you still think it's a DDoS attack then let your ISP know and they'll be able to do something about it.

[Ninsew]

Yeah, you are obviously getting ddosed, most obvious explanation. Let's face it, 100 viewers while streaming is no small deal... if I were you I would consider hiring real life protection, you never know what those evil haters might be plotting next.

No need for trolling. If you, o'mighty Networking King, know's what else it could be, please tell me.

[Shiromar]

Honestly just looks like you're overpowering your net to me. Trying to use up too much bandwidth and you're being limited. What's your connection like?

[Beecup]

If you've been showing your skype name or steam name then you may be getting DDoSd. Really though, with 100 viewers I doubt anyone would spend the time of their bots or money to shut you down.

Best way to prevent DDoS - do not show anything identifiable that can give away your IP address. If you're in the same steam group as someone they can call you on steam and easily find your IP. Skype used to be easy to get IPs if you knew their Skype name (I think the exploit was fixed, I'm not sure).

If your internet goes down try to call your ISP and tell them your internet access is severely degraded and you want a new IP address. They might whine but most places are supposed to if requested.

Also, if you want to run wireshark while you are having network issues and see a huge influx of packets (in the thousands per second most likely) that's a DDoS.

If you need any help or have other questions feel free to ask, I do this stuff for a living.

[Ninsew]

Honestly just looks like you're overpowering your net to me. Trying to use up too much bandwidth and you're being limited. What's your connection like?

Usually 10/10. When I lagged during the raid I tried to test my connection, and I had 1/4 or something like that. And no, I don't think I'm overpowering it. I have no problem watching a stream, streaming myself, while I'm downloading HIMYM and a steam game at the same time as I'm playing WoW. Going from that to just WoW + stream shoulnd't make it overpowered :P

- - - Updated - - -

If you've been showing your skype name or steam name then you may be getting DDoSd. Really though, with 100 viewers I doubt anyone would spend the time of their bots or money to shut you down.

Best way to prevent DDoS - do not show anything identifiable that can give away your IP address. If you're in the same steam group as someone they can call you on steam and easily find your IP. Skype used to be easy to get IPs if you knew their Skype name (I think the exploit was fixed, I'm not sure).

If your internet goes down try to call your ISP and tell them your internet access is severely degraded and you want a new IP address. They might whine but most places are supposed to if requested.

Also, if you want to run wireshark while you are having network issues and see a huge influx of packets (in the thousands per second most likely) that's a DDoS.

If you need any help or have other questions feel free to ask, I do this stuff for a living.

Actually I didn't know you can get the IP from Stream - and yes, I've shared both my Steam and Skype (Steam on purpose, Skype by mistake). Does a "ipconfig /release" followed by a "ipconfig /renew" give me a new IP adress?

[Beecup]

Actually I didn't know you can get the IP from Stream - and yes, I've shared both my Steam and Skype (Steam on purpose, Skype by mistake). Does a "ipconfig /release" followed by a "ipconfig /renew" give me a new IP adress?

In theory it should. Sometimes though an ISP will still assign you the same IP address since you were the last person to lease it. You can check your IP address before and afterward with ipconfig to see if it actually changed. If it didn't you'll need to talk to your ISP. The problem is that if someone is trying to DDoS you they still have a way to find your IP address with relative ease.

http://forums.steamgames.com/forums/...php?p=23742696 - first one I could find. If someone is your steam friend or shares a group with you they can call you and capture your IP address

I googled the Skype problem too and it seems to still be exploitable as of May of this year (old, but it may still be broken)

[Cyanotical]

ipconfig /release only changes your local address, if you have a router it does nothing to your public IP

there is a difference between a DDoS and a DoS, a DoS is one person sending a SYN flood, a DDoS is many people sending SYN floods, (usually a bot net) but the thing to remember is that DoS attacks are highly visible and traceable, so only a complete moron of a hacker would use one against a person playing games

mostly likely with a 10Mb connection, you are probably having ISP issues, a skype video call uses about 6Mb, wow uses about 300Kb, streaming is going to depend on your quality settings, same with other viop systems

its very possible that your ISP is just not setup for a continuous use, and is giving over rated connection off of a fractional, very common, especially with cable ISPs, think of it like a talking stick, only one person on a node can get full bandwidth at a time, if everyone is using it, everyone slows down

another possibility is that there is deep packet inspection on a peer edge that can't keep up (think Cox in Arizona a few months ago)

OP, next time you get a drop in internet speed, open CMD, and type: tracert 8.8.8.8 then post the results

[Deleted]

How exactly would you get DDoSed if you don't run a server which responds to outside requests?

[Iyarashii]

You're not being DoS'd I've been DoS'd before and it's nothing like that. You're just being throttled by your IP nothing more, call them up and ask them why they're doing it and how to prevent it.

[Cyanotical]

How exactly would you get DDoSed if you don't run a server which responds to outside requests?

you don't need to respond, your firewall still has to receive and analyze the SYN requests to drop them, a basic SYN flood is often more than enough to overload most home routers processors

[lordmatthias]

What resolution are you streaming at, do you have other users on your network, and what streaming service are you using? (Are you having users connect directly to your network for the stream [less common], or are you uploading to a streaming site and distributing the video through there)? It is possible you are being DDoS'd as a 10/10 connection is pretty easy to overtake when you have other users on a 50/50, 50/15, or possibly even google fiber, they potentially would not even need to have access to a botnet if they have a decent PC.

I would take a look at how much bandwidth you are actually using on your network first as a 1080p stream would basically cap your pipe all on its own, if you are running anything else you would likely be running into issues (along with anyone else who might be trying to use the internet at the same time).

If you are being DDoS'd make sure you use a different streaming handle than any other one you may use, and make sure you protect your IP. Once you are sure you a covered there contact your ISP and have them release/renew your IP lease (if you don't have a static IP for your network), if you do have a static IP request a new one.

[Ninsew]

http://pastebin.com/EMk40nWF

Here is a copy of my CMD right after getting my internet down once again - did a "netstat -na" and a "tracert 8.8.8.8" , and this is the resaults. As some of you said, this doesn't really look like a DDoS to me, and I might have been completely wrong.. Damn, I was hoping it was a DDoS - now I have to do some shit to get it working (not sure what though).

- - - Updated - - -

What resolution are you streaming at, do you have other users on your network, and what streaming service are you using? (Are you having users connect directly to your network for the stream [less common], or are you uploading to a streaming site and distributing the video through there)? It is possible you are being DDoS'd as a 10/10 connection is pretty easy to overtake when you have other users on a 50/50, 50/15, or possibly even google fiber, they potentially would not even need to have access to a botnet if they have a decent PC.

I would take a look at how much bandwidth you are actually using on your network first as a 1080p stream would basically cap your pipe all on its own, if you are running anything else you would likely be running into issues (along with anyone else who might be trying to use the internet at the same time).

If you are being DDoS'd make sure you use a different streaming handle than any other one you may use, and make sure you protect your IP. Once you are sure you a covered there contact your ISP and have them release/renew your IP lease (if you don't have a static IP for your network), if you do have a static IP request a new one.

I'm streaming at 720p, and I'm the only one using the network (well, my mom sometimes checks her mail).