DOS Attacks

[obscura2k]

Hi guys,

Been a fan of these forums for a long time but never needed to register until now, in which i need some help.

Recently, me and an old ex-friend had words and things turned nasty, i ruled him out of all our business dealings and left it at that. But the guy is smart, and he knows a hell of a lot about security, and runs his own small datacentre ...

The thing is, he DOS attacked me a while ago, perma flooding my poor cable modem for 48 hrs, he openly admitted it and promised to carry on until i pay him to stop lol ...

Anyways, i had planned to go away on business for 5 days so i left the whole system unplugged, when i returned i noticed i had a new IP address from NTL and the attacks had stopped, but then he got my new one through a forum visit, although didnt attack, but threatened to

I contacted the NTL Abuse team and i didnt hear anything back, so i called teh tech lines to see if i could get an ip change, but the indian guy on the fone just kept explaining how DHCP servers work, even though i told him 50 times i know how damn well works

I still havent heard anything back from NTL, so yesterday i went into the tech assistant, he looked at the DHCP table and said my ip was set to be released today at 16 pm (was issued on 15th April so i had it 45 days) and told me to turn the modem off for 20 secs after 16pm, and when i turned back on, i would have a new ip

I followed his instructions, and still i got the same ip address, so i went back in and said look, you give me an ip for 45 days, then tell me its gonna change, then it doesnt, and you expect me to surf in fear for another 45 days whilst the NTL Abuse team do naff all ... he just referred me to some technet page that explained how DHCP works lol

I use a router, which blocks most **** from reaching the PC/Laptop, but obviously the traffic hits the modem first before the router so i can stop it

Anyone got any solution as to how to force an IP change, or explain a way i can stop/reduce/protect myself from these attacks

Many Many Many Thanks in advance!

Regards
Obscura2k

[Chris W]

to the forum

Is this person on an ntl connection? If not, then there is little that the abuse team can do to help you- you are best off filing a complaint with his service provider and they will take the appropriate action. Include as much evidence as you can- firewall logs, emails received etc etc.

With regard to changing the ip, are you using usb or ethernet?

The long and short of it is that the guy is blackmailing you -> pay me or i'll break your internet connection, so have you thought about contacting the police?

[Foo Fighter]

change mac address of computer/router conected to the ntl modem

just make a new mac and reset modem, get a new ip from it should be 10.x.x.x.x etc (is for me i think) open up your browser and type start.ntl in the address bar were you will have to enter your pid/pw then reset and anyway you go.

[obscura2k]

fanks guys,

Yes he is an NTL customer, i gave them his ip, address, name, the lot and havent heard anything back ... and he's still online, so

Your reply seems interesting foo, but i dont follow how to make a new mac addy sorry mate ...

[Chris W]

Quote:

Originally Posted by Foo Fighter

change mac address of computer/router conected to the ntl modem

just make a new mac and reset modem, get a new ip from it should be 10.x.x.x.x etc (is for me i think) open up your browser and type start.ntl in the address bar were you will have to enter your pid/pw then reset and anyway you go.

that only applies if you are using a set top box, with a cable modem, it is just a case of changing the mac, then rebooting cable modem and router and getting a full ip. no provisioning process for pcs connected though a SACM.
__________________

Quote:

Originally Posted by obscura2k

fanks guys,

Yes he is an NTL customer, i gave them his ip, address, name, the lot and havent heard anything back ... and he's still online, so

Your reply seems interesting foo, but i dont follow how to make a new mac addy sorry mate ...

If you PM me his and your details i will pass them on next time i am in work.

What make of router are you using?

[obscura2k]

Oh sorry i forgot to mention,

I am using Ethernet, have one of those little silver thing modems, which is plugged into a wireless router, but i tend to take it off the router when im trying to get new ip address ...

reckon a mac addy change would get me a new ip? if so, got a simple guide for me to follow?

Really really really appreciate your help fellas ... owe you a pint, or two!

[Chris W]

Quote:

Originally Posted by obscura2k

Oh sorry i forgot to mention,

I am using Ethernet, have one of those little silver thing modems, which is plugged into a wireless router, but i tend to take it off the router when im trying to get new ip address ...

reckon a mac addy change would get me a new ip? if so, got a simple guide for me to follow?

Really really really appreciate your help fellas ... owe you a pint, or two!

changing the mac address of the router will give you a new ip, if you can tell me what make/ model of router it is i will post back with full instructions

[obscura2k]

fanks mate, i owe you one ...

its a Linksys WRT54G Wireless Broadband Router ...

cheers bud!

[Rob M]

The trick will be to make sure that he doesn't get your new IP address.

Whatever you did before that gave him access to it, don't do it again!

If he gained access to it through a forum that you used it might be wise to let the Mods/Admins at that forum (or at least the Forum Owner) know that he is abusing the powers that he has and mis-using the information. They have a legal requirement to protect that information.

It's also worth pursuing this matter with NTL, he's abusing the network and also (I suspect) committing a criminal act through what he is doing to you.
__________________

If it's a WRT54G

Open a new browser window.

In the address bar type 192.168.1.1 and hit go.

Now you will be asked to input the username and password that you put in when you set the router up. If you didn't change them then the default will be admin and Admin I think (check your instruction manual though).

Once you are in go to Setup > MAC address clone

You can enter any MAC address you like here, or clone that of your PC, not sure what you should put in but I'm sure that MB will be able to give you an idea. After you've put in whatever you need to click on Save Settings to apply the changes.

Once this is done you will probably need to reboot everything, again I would wait for confirmation from MB as there may be some special steps.

<EDIT: The default password is admin (all lower case) there is no default username so leave that blank>

[obscura2k]

hehe fanks, hope he can reply before i goto bed

[Rob M]

Apologies, it would appear that I have lft my manners in my other hood tonight.

to Cable Forum obscura.

Hopefully we'll help you get this all sorted. Not sure it will be tonight though as it's getting pretty late.

While you're waiting why not sit back, kick off your shoes, relax, and enjoy your stay

[obscura2k]

thanks guy, when i went into the mac addy clone bit, it had cloned the mac addy of my pc, so i clicked DISABLED, rebooted everything, and now i have a new ip address ...

CHEEEEEEEEEEEEEEEEEEEEEEEEEEEEERRRRRRRRRRRRRRRSSSS SSSSSSSSSSS

LOVE U GUYS!

[Chris W]

Quote:

Originally Posted by obscura2k

fanks mate, i owe you one ...

its a Linksys WRT54G Wireless Broadband Router ...

cheers bud!

You need to login to the router first.... either http://192.168.1.1/ or https://192.168.1.1/ will work depending on your router config. You will be prompted for a password, and unless you have changed it, i think the default password is administrator, with nothing in the username box.

This will take you to the setup screen, and at the top you have an option "mac address clone". Before clicking this, disconnect the power from your cable modem. Then have a look at the sticker on the bottom of the modem, and you will find a mac address. Fill this in on the router config page, but increase the last digit by 1. Two digits in each box, so for example if my modem's mac address was
00028a154f17, i would enter 00 02 8a 15 4f 18. If the mac address ends in a letter, bear in mind only a-f are used, so if it is F, enter 0 on the router.

When you have done this, apply the settings and then reconnect the power to the modem. When sync and rdy come on solid, unplug the router's power for 10secs, and then reconnect it. When it settles down, voila, new ip address. You can verify this by checking the "status" page and looking at the ip address there

any problems... let me know....

[Rob M]

Quote:

Originally Posted by obscura2k

thanks guy, when i went into the mac addy clone bit, it had cloned the mac addy of my pc, so i clicked DISABLED, rebooted everything, and now i have a new ip address ...

CHEEEEEEEEEEEEEEEEEEEEEEEEEEEEERRRRRRRRRRRRRRRSSSS SSSSSSSSSSS

LOVE U GUYS!

WoW... Sorted.

Did you need to reboot the Cable Modem at all to get it to work or did it just sort that bit out itself?

Glad you're sorted, for now at least, but don't forget what I said above about making sure this doesn't happen again and pursuing the matter.

[simbr]

This page might be of help as well:
http://www.ntlworld.com/help/security/internetabuse.php