General Discussion
  >> General Broadband Chatter


Register (or login) on our website and you will not see this ad.


  Print Thread
Standard User Andrue
(knowledge is power) Mon 24-Sep-12 17:50:08
Print Post

Dealing with a DDoS attack on a home connection


[link to this post]
 
First off this is a hypothetical question. I'm not currently under attack and don't really expect to be. However as an IDNet customer if I go over my download allowance it would cost me £1 every 1GB which is two minutes on my FTTC connection). That's £30 an hour - would be less for ADSL of course but still nasty. What's most scary about that is that IDNet have told me that it's my responsibility and the charges will be added to my account automatically without my intervention.

That means a DDoS attack could cost me over £500 a day if left unchecked.

The only suggestion they have is to monitor the RSS feed of my usage which isn't all that helpful. I suppose it might be possible to set up some kind of alert but even then I might not see the alert for several hours.

My router does have the ability to limit usage but I'm not sure if that would stop incoming traffic or just reject it. If packets get to the router they'd still count against my allowance I assume.

Edit: Hah, I found an option to disconnect the modem.

---
Andrue Cope
Brackley, UK

Just because he could. RIP.

Edited by Andrue (Mon 24-Sep-12 18:02:45)

Standard User kwikbreaks
(eat-sleep-adslguide) Mon 24-Sep-12 20:45:03
Print Post

Re: Dealing with a DDoS attack on a home connection


[re: Andrue] [link to this post]
 
Short of turning it off no home modem/router is going to have any worthwhile protection against a DDoS. Simply not responding is the only thing they can do and that won't help save the limited downlink bandwidth of a home connection which will be swamped with the unsolicited packets targeted down it.

The ability to launch a DDoS is a financially or politically valuable asset so anybody able to do so is unlikely in the extreme to launch one against a home user as there are far more rewarding targets. Worry instead about getting struck by lightning, run over by a stray elephant, etc. etc. as they are far more likely to happen to you.

The best protection against excess usage charges is to avoid using an ISP that levies them.
Standard User yarwell
(sensei) Tue 25-Sep-12 13:50:44
Print Post

Re: Dealing with a DDoS attack on a home connection


[re: Andrue] [link to this post]
 
Do you run a server that'll cough out lots of Gbytes ? I wouldn't think request packets or pings would add up to much but I may be showing my ignorance - I thought it was the number of simultaneous requests that pulled things down.

--

Phil

MaxDSL - goes as fast as it can and doesn't read the line checker first.

MaxDSL diagnostics


Register (or login) on our website and you will not see this ad.

Standard User mixt
(experienced) Tue 25-Sep-12 14:22:51
Print Post

Re: Dealing with a DDoS attack on a home connection


[re: Andrue] [link to this post]
 
AAISP deal with this (to some extent) by rate limiting your download speed on their side, before your traffic hits the BT BRAS. They do this so they can detect when the rate of traffic hitting your line exceeds the line's capable download speed. At this point, they know something is a bit a screwy as there would be a whole wad of traffic (most of it being dropped) targeted at your connection.

I believe their systems would automatically disconnect you at this point (can't say for sure, never had this happen to me (yet)). Also, due to this smart limiting, you would not be over charged for traffic directed towards your connection, as they only charge on traffic that was actually sent to you, not traffic received by them destined for you (hope you can appreciate the difference).

Anyway, to answer your question, I agree with others. Not much you can do, except to drop your connection and disconnect. Not ideal at all really.

Now on <aaisp.net> (21CN+IPv6)
Previous ISPs: Virgin Media (50Mb/Cable), Be* Un Limited, ZeN
Is Linux routing your internet connection?
Need to make BIND geo-aware?

Edited by mixt (Tue 25-Sep-12 14:26:24)

Standard User Andrue
(knowledge is power) Tue 25-Sep-12 20:26:18
Print Post

Re: Dealing with a DDoS attack on a home connection


[re: yarwell] [link to this post]
 
In reply to a post by yarwell:
Do you run a server that'll cough out lots of Gbytes ? I wouldn't think request packets or pings would add up to much but I may be showing my ignorance - I thought it was the number of simultaneous requests that pulled things down.
There's an FTP server that could be hacked or maybe the email server although both have throttling and usage limits. I'm not sure about the impact of pings either.

---
Andrue Cope
Brackley, UK

Just because he could. RIP.
Standard User kwikbreaks
(eat-sleep-adslguide) Wed 26-Sep-12 10:01:02
Print Post

Re: Dealing with a DDoS attack on a home connection


[re: yarwell] [link to this post]
 
Home connections are slow compared to servers. Pings can be pretty large even with the windows ping command -

C:\Windows\System32>ping bbc.co.uk -l 1400

Pinging bbc.co.uk [212.58.241.131] with 1400 bytes of data:
Reply from 212.58.241.131: bytes=1400 time=11ms TTL=244
Reply from 212.58.241.131: bytes=1400 time=14ms TTL=244
Reply from 212.58.241.131: bytes=1400 time=13ms TTL=244
Reply from 212.58.241.131: bytes=1400 time=11ms TTL=244

Ping statistics for 212.58.241.131:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 11ms, Maximum = 14ms, Average = 12ms

A few thousand machines doing that or the equivalent and your bandwidth would be saturated.
  Print Thread

Jump to