Can no longer play

Discussion in 'Off Topic' started by PHASER8, Jul 13, 2006.

  1. PHASER8

    PHASER8 Member

    Until I can resolve the current issue with my internet connection / computer network I can no longer play Empires or most any other game for that matter.

    Last week I pissed off the wrong person in the slavehack IRC chatroom and next thing I knew I got hit with a massive DDoS attack on my connection. Even after a reformat my logs still fill at 1MB a minute for the most part and my connection is barely reliable. My ISP blames the attack, the log files and the speed at which the log files scroll (so fast sometimes you cannot read the numbers) on a 'touchy firewall'. When they sent their technician out to look at the problem he spent more time bitching about how Firefox is more dangerous than IE and we should go back to IE.

    Here are some excerpts from the log files if anyone here is good in networking (been to a lot of tech sites and people could care less):

    Code:
    2006-07-07 20:31:08;;192.168.234.201:3102;192.168.234.1:80;TCP;Allowed
    2006-07-07 20:31:09;;192.168.234.201:3103;192.168.234.1:80;TCP;Allowed
    2006-07-07 20:31:09;;192.168.234.201:3105;192.168.234.1:80;TCP;Allowed
    2006-07-07 20:31:09;;192.168.234.201:3106;192.168.234.1:80;TCP;Allowed
    2006-07-07 20:31:09;;192.168.234.201:3107;192.168.234.1:80;TCP;Allowed
    2006-07-07 20:31:09;;192.168.234.201:3108;192.168.234.1:80;TCP;Allowed
    2006-07-07 20:31:09;;192.168.234.201:3109;192.168.234.1:80;TCP;Allowed
    2006-07-07 20:31:09;;192.168.234.201:3110;192.168.234.1:80;TCP;Allowed
    192.168.234.201 is my computer and 192.168.234.1 is the router.

    Code:
    2006-07-07 20:21:25;;192.168.234.201:24565;192.168.234.201:1900;UDP;Allowed
    2006-07-07 20:21:25;;192.168.234.201:24565;192.168.234.201:1900;UDP;Allowed
    2006-07-07 20:21:25;;192.168.234.201:24565;192.168.234.201:1900;UDP;Allowed
    2006-07-07 20:21:25;;192.168.234.201:24565;192.168.234.201:1900;UDP;Allowed
    That's my computer...connecting to itself....

    Code:
    2006-07-04 00:00:36;;169.254.220.220:21561;169.254.220.220:1900;UDP;Allowed
    2006-07-04 00:00:36;;169.254.220.220:21561;169.254.220.220:1900;UDP;Allowed
    2006-07-04 00:00:36;;169.254.220.220:21561;169.254.220.220:1900;UDP;Allowed
    2006-07-04 00:00:36;;169.254.220.220:21561;169.254.220.220:1900;UDP;Allowed
    2006-07-04 00:00:36;;169.254.220.220:21561;169.254.220.220:1900;UDP;Allowed
    2006-07-04 00:00:36;;169.254.220.220:21561;169.254.220.220:1900;UDP;Allowed
    2006-07-04 00:00:36;;169.254.220.220:21561;169.254.220.220:1900;UDP;Allowed
    2006-07-04 00:00:36;;169.254.220.220:21561;169.254.220.220:1900;UDP;Allowed

    That occurs a lot as well.

    Lots of other weird instances such as my computer constantly trying to connect to our ISP's DNS servers and then after a minute or two their DNS servers do the same back. But the thing that bugs me the most is the port increments by one on pretty much every connect attempt, where it has NEVER done that before or ANY of this. I've never seen my computer connect to the ISP's DNS servers nor theirs to mine or never the speed at which these connections are flowing. It took 24 hours to change our IP and our activity lights are pretty much solid still.

    So until I get this problem solved I'll be unavailable for the most part.
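
An added example, not part of any post in this thread: a short Python script that parses the firewall log format quoted above (`time;;src:port;dst:port;protocol;action`) and groups the records into flows, reporting the address scope of each endpoint, whether a record is self-addressed, and which source ports were used. The sample lines are taken from the excerpts; the function names, the service labels and the treatment of the empty second field are assumptions.

```python
import ipaddress

# Constructed sample: lines taken from the three excerpts quoted in the post.
SAMPLE = """\
2006-07-07 20:31:08;;192.168.234.201:3102;192.168.234.1:80;TCP;Allowed
2006-07-07 20:31:09;;192.168.234.201:3103;192.168.234.1:80;TCP;Allowed
2006-07-07 20:31:09;;192.168.234.201:3105;192.168.234.1:80;TCP;Allowed
2006-07-07 20:21:25;;192.168.234.201:24565;192.168.234.201:1900;UDP;Allowed
2006-07-07 20:21:25;;192.168.234.201:24565;192.168.234.201:1900;UDP;Allowed
2006-07-04 00:00:36;;169.254.220.220:21561;169.254.220.220:1900;UDP;Allowed
"""

# Labels for the two destination ports that appear in the excerpts.
SERVICES = {("TCP", 80): "HTTP", ("UDP", 1900): "SSDP (UPnP discovery)"}

def scope(ip):
    """Return 'link-local' (169.254.0.0/16), 'private' (RFC 1918) or 'public'."""
    addr = ipaddress.ip_address(ip)
    # is_private is also true for 169.254.0.0/16, so test link-local first.
    if addr.is_link_local:
        return "link-local"
    return "private" if addr.is_private else "public"

def parse(line):
    """Split one record; the empty second field is ignored (meaning assumed unknown)."""
    _ts, _empty, src, dst, proto, _action = line.strip().split(";")
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return sip, int(sport), dip, int(dport), proto

def summarize(text):
    """Group records into flows keyed by (source, destination, dest port, protocol)."""
    flows = {}
    for line in filter(str.strip, text.splitlines()):
        sip, sport, dip, dport, proto = parse(line)
        flows.setdefault((sip, dip, dport, proto), []).append(sport)
    return [{
        "flow": f"{sip} -> {dip}:{dport}/{proto}",
        "service": SERVICES.get((proto, dport), "unknown"),
        "scopes": (scope(sip), scope(dip)),
        "self_addressed": sip == dip,
        "records": len(ports),
        "src_ports": sorted(set(ports)),
    } for (sip, dip, dport, proto), ports in flows.items()]

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

Run over a full log, any flow whose scopes include `public` is the traffic worth raising with the ISP; the excerpts quoted above contain none.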
     
  2. knighttemplar

    knighttemplar Member

    That sucks man, I hope things get fixed soon.
     
  3. Darg

    Darg Member

    He could possibly have affected your broadband modem. Was it a file that you opened from an email or did this just start happening to your computer?

    Have you tried disconnecting all cables to the internet, turning your broadband modem off and plugging it out for 20 minutes while you format your hard disk(s) completely and reinstall Windows XP from scratch? Before you reconnect to the internet make sure to have a firewall up and running and preferably something better than Windows firewall.
    Keep the log file open then plug in your broadband.

    If it starts happening again how long after you plugged it back in did it start doing it again? Instantaneously or did it take a few seconds or minutes?

    He may be targeting your IP address using a ping calling or some other type of program loop but changing your IP address should have stopped that and he would need an always on server to keep it going.

    If it starts happening again try running an IP trace program on all of the IP addresses that you don't recognise in the log file. If any of them seem suspicious you could look into ways of blocking that exact address or at least talking to your ISP and see if they know what that IP address is.

    If none of this helps then I'm baffled.
     
  4. PHASER8

    PHASER8 Member

    I don't open files in emails unless they are from very close friends.

    There was a war going on in the IRC talking about what OS is good for servers and my side of the argument was Debian command line with no GUI and it went from there. The attack happened just a minute or two after I called him a 'Lemonade stand operating skiddie' which is why I thought it was from him. I was using TOR but apparently it wasn't masking my IP -_-.

    Everything you've said I have done and yet it still occurs, my ISP will not block any IPs OR even look at their damn DNS servers to see why they are constantly hammering me as well.

    In about a week I'll be taking my computer over to a family member's house to see if my log files still go crazy on their connection:
    If they do then obviously it's buried within the hard drives somewhere
    If not then it's something else on the local network and I can go from there.
     
  5. Darg

    Darg Member

    If it doesn't happen on another connection then just switch ISPs if you can.
     
  6. ^Dee^

    ^Dee^ Former Super Moderator

    Could always call the police. It is a criminal offense after all. If nothing else, they'd at least get your ISP to do something.
     
  7. Jn.

    Jn. Member

    Alright Phaser bro, who the fuck do I have to kill. I just got more ammo for my hunting rifle. Not very inconspicuous, so maybe I should get some for the Glock.
     
  8. Ganks

    Ganks Banned

    You could always manually change your IP though it may only delay the inevitable.

    You could keep swapping ports forcing him to re-scan for the open port until he gets bored and stops...

    If you are an American citizen you could trace and whois and report him at abuse@ISP.com which, if in the United States, his ISP will have to handle by law or be fined by federal gov't. If said target is outside of the United States you can still report him but the ISP is not obligated to do anything about it. This is how pirate distributors avoid getting pinched. The alternative is to learn that country's law and abide by it accordingly or get a friend in that country to set the mark for you.

    Or you could spoof & tunnel your connection, bounce off a few proxies, and fuck him up the ass a few times until he gets the picture.

    If you're on a router you can put the IP in and manually block it via filters.

    If you are friends with an IRC server admin, and know which chats he frequents, you could insert a friendly file and have it advertised to him, somehow, about how "cool" the file is: music; movie; pron; whatever.

    If he messed with your modem you could try reinstalling the modem driver or rolling back, power-reboot, and see if that helps which it prolly won't. Don't use lucent modem drivers. They can be annoying.

    Pick your poison.

    <insert responsibility disclaimer here>

    Your actions are your own. :)
     
    Last edited: Jul 13, 2006
  9. MrBojangl3s

    MrBojangl3s Member

    Well, based off of what you said Phaser, if it still is screwing up on another connection then it obviously must be something local; I think I might have the tools for you (I have downloaded sooo much of the internet, including many "anti-" hack tools, that can be useful in situations like this. Plus my Uncle is a sys admin, and he pwns all.)

    First, do you have a recovery drive? A lot of times when I get something on my system, I can remove it, but my damn recovery drive (D: on My Computer) will make a backup of it, that's encrypted and I can't access. I usually just do an antivirus scan on the D: drive, and do a 3X delete.

    Second, TRY THIS PROGRAM! It shows you any and every program/process that is connecting to ANY network, anywhere. You can see the port it's using, the remote address it's accessing, whether it's listening or sending, where it is on your computer, and when it was created (and more!).

    You can kill the process, or close its connection, or even produce an HTML report of all the running processes just like HijackThis!

    Here is a download I just uploaded, no viruses: http://www.ihud.com/file.php?file=files/130706/1152819396/cports.exe
     
  10. dumpster_fox

    dumpster_fox Member

    It's great to hear from you again, PHASER8, although I wish it were under better circumstances. Anything I would recommend has already been said, so I guess I'm just going to be totally useless here, and say, "Hi." :)
     
  11. MrBojangl3s

    MrBojangl3s Member

    If it makes you feel better Phaser8, I have to do a complete re-install of Empires because I'm pretty sure now the memory of the install is corrupted. Or something. I get a fatal exception error on startup all the time....
     
  12. ViroMan

    ViroMan Black Hole (*sniff*) Bully

    PPL this is what he said...
    He has yet to try another connection. Although I am interested to find out the results.

    As to his problem....


    From what I see in your logs it looks like a constant hit to port 80 FROM your computer. What interests me is that it says allowed yet it still logs it. (Weird, but perhaps you set it to log all to find out what's doing what.) You seem to be using the Internet fine in order to post here, yes? (Except your never ending stream of junk.) The HTTP (Internet) is port 80 unless you're using a proxy program and that is usually like 1080 then.

    The whole part about your computer connecting to itself... again allowed yet logged (although why your computer connects to itself is beyond me) (really weird). Although on second thought if you have XP and you have a software bridge installed (believe me XP can do some stupid shit setting up your network) this is possible. Kinda like a proxy but doing nothing but slowing down your connection. This can generally happen if you have like fire-wire somewhere on your computer or more than one network card. If you have an audigy with fire-wire on it... this might happen. It would use the fire-wire bridge it to the network card then out to the router.


    That... um... seems like he is bouncing off of you to reply to himself.



    The part here that jumps at me the most is that it took you 24 hours to change IP?! You got a static IP or something? If you have DSL all you have to do is turn your modem off/unplug for a good minute then plug it back in... when it reconnects you have a new IP. If you have cable... you may have static IP.

    Your computer connecting to the ISP DNS servers is common... but NOT by itself. Whenever you need to go to a page... it first checks your computer's internal DNS cache to see if it already knows the IP address; if it doesn't it calls up the DNS and asks. However... the DNS server responding after 2 minutes is rather interesting. I would like to see the logs there for both you and DNS.

    The port incrementing on your side is nothing new (as far as I can remember). It's the destination port that matters. When your computer makes a request it uses a random port. If it fails to get a response in an appropriate time window it ups the send port number and tries again. (This is from a networking class I took a while ago so if I'm wrong... don't rant too much lol)

    And as a final note... your router DHCP configuration upsets me somewhat. I hope that your router is not wireless. If it is I should hope it is at least encrypted. Your current settings allow for 254 different users. :eek: If you're not encrypted you could be letting others use your Internet without knowing it.

    I admit sometimes I cruise around my area with my laptop looking for wireless routers with no encryption and f*ck with ppl by getting on their network and sending them msgs.. lol :D
     
  13. Slithzerikai

    Slithzerikai I for one am glad the NF SMG 3 is gone

    That's over twice as bad as my graphics card 'sploding.

    Personally, my computer doesn't have ANY security, anyone can get in, (though viruses and Trojans can't open due to some bit of software a friend wrote me) though why'd they want to?
     
  14. PHASER8

    PHASER8 Member



    All the original IPs that attacked my router were spoofed (I figured that much) and my ISP apparently does not have any kind of anti DDoS equipment at their NOC so a counter attack would be pretty useless and I do not know for sure if it was the guy in the IRC because I'd expect him to make some stupid remark like 'Enjoy the DOS' or some stupid shit like that so it could've been just perfectly timed as my brother pisses off a lot of Chinese on his MMO.

    Anyway thanks everyone for your input, thoughts and ideas...hopefully I can get this resolved without bashing some heads open down at the local managers office of the ISP with a golf club (gonna try and avoid that as I don't like getting blood on my clothes).


    By the way this is off topic but I may be moving to North Carolina to an area where cable does not exist (Dudley / Rosewood area).

    Does anyone know if DSL / satellite internet is good for playing games or at least downloading tons of porn? :D
     
  15. Darg

    Darg Member

    You cannot play online games with a satellite connection.

    512kb/s dsl should work just fine though.

    The problem with satellite (That I have at home) is that you can never get a ping below 700. Obviously making multiplayer online games unplayable. It works just fine for downloading files though including porn if that's what you want it for ;)

    Web page viewing can get annoying. Downloading big chunks of data is fine but when it needs to do lots of little bits you're going to notice the poor pings.
     
  16. Slithzerikai

    Slithzerikai I for one am glad the NF SMG 3 is gone

    Don't move there if you'll get worse internet, not worth it.
     
  17. PHASER8

    PHASER8 Member

    Moving to NC means more money and cheaper land, not to mention more land than up here. Down there it's cheaper to buy 10 acres than it is up here as New Hampshire has been turned into a 'resort' state where all the rich bastards reside.
     
  18. Jn.

    Jn. Member

    Wanna visit me on your way down? :) I live in northern VA.
     
  19. dumpster_fox

    dumpster_fox Member

    Man, PHASER, (lack of) Net Neutrality is gonna hit you hard.
     
  20. Slithzerikai

    Slithzerikai I for one am glad the NF SMG 3 is gone

    We'll mix you budee.
     
