6

I was wondering if someone can become a victim of a DDoS attack as a home user when only his IP is known by the attackers but he is behind a router with no open ports or other known vulnerabilities?

I'm mainly interested because this becomes more and more a topic in professional gaming (which I like to watch). But my feeling is that the players often claim to be DDOS'ed without having a clue if this could be possible and the real reason most likely is that their connection is just bad/there are technical problems. On the other hand, there is a lot of money involved in those matches so ordering a botnet in a price range from $1000 - $10000 for the time of the match could indeed be attractive for some people...

So, is this possible or not? And if it is possible, how can it work and are there effective countermeasures (other than changing the private IP and not logging in afterwards to services over which the attackers could have gotten knowledge of the IP)?

Thanks for answers!

cutrightjm
Jey DWork
  • Course, there's nothing to stop the DDoSers from taking down the gaming server instead (see recent "DerpTrolling" incident) – tombull89 Jan 09 '14 at 10:34

1 Answer

7

Yes you can.

If you are relating DDOS attacks to ports and services, like you are here, you are talking about layers 4 to 7 in the OSI model stack: everything from the Transport layer to the Application layer. Keep in mind there are still 3 layers below this!

Common attacks on these layers could be:

  • Amplification attacks. E.g. smurf attack. This usually requires vulnerable systems on the internet to be exploited.
  • Resource exhaustion. E.g. filling up your bandwidth with connection attempts. This could be done using a botnet. A common attack vector being SYN floods.

Unfortunately, DDOS will always be prevalent in current-day networks and systems. Resource exhaustion will always be a concern, and today the ones with the biggest pipes and most systems win.

DDOS'ing online gamers absolutely is possible and most likely trivial to accomplish just by flooding the victim's pipe with bogus requests, hindering or fully disabling legit traffic. The reason I say it is trivial is because today you can rent a botnet fairly easily and cheaply.

Considering some online gaming matches don't last more than 1 hour, and that you can hire a botnet for as low as $9 an hour, you can imagine the destruction you can do if you have the victim's IP address (source).

Chris Dale
  • Thanks for the explanation. I couldn't imagine botnets can be so cheap and that simple resource exhaustion is then a really realistic option. Are there countermeasures? I know CloudFlare, which you can use to protect websites and which does a quite good job, but I don't know any services which could be used by private users... – Jey DWork Jan 09 '14 at 13:23
  • Personally I do not know of very good ways to secure a private IP against DDOS. I would say some points could be: * Try not to reveal your IP * Have a way to renew your IP if it gets disclosed * Know of ways to configure your CPE in order to combat DDOS attacks. Pipe flooding would still be an issue though. In fact many script kiddies do SYN floods and think they exploit the half-open connection queue, but instead actually just fill the target pipe – Chris Dale Jan 13 '14 at 11:40
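
An added example, not part of the original question, answer or comments: one way a home user could check whether a lag spike coincides with a filled downlink (the pipe flooding described above) rather than an ordinary bad connection, by comparing two readings of the router's WAN interface counters. The interface name `wan0`, the 50 Mbit/s downlink, the thresholds and the sample counter values are all constructed assumptions.

```python
# Constructed sample: two /proc/net/dev readings from a router's WAN
# interface, 10 seconds apart. "wan0" is a hypothetical interface name.
HEADER = (
    "Inter-|   Receive                            |  Transmit\n"
    " face |bytes packets errs drop fifo frame compressed multicast|bytes packets\n"
)
SNAPSHOT_T0 = HEADER + "  wan0: 1000000000 2000000 0 0 0 0 0 0 500000000 1500000 0 0 0 0 0 0\n"
SNAPSHOT_T1 = HEADER + "  wan0: 1060000000 3000000 0 1200 0 0 0 0 500200000 1502000 0 0 0 0 0 0\n"


def read_rx(snapshot, iface):
    """Return (rx_bytes, rx_packets) for iface from /proc/net/dev text."""
    for line in snapshot.splitlines():
        name, sep, rest = line.partition(":")
        if sep and name.strip() == iface:
            fields = rest.split()
            return int(fields[0]), int(fields[1])
    raise ValueError(f"interface {iface!r} not found")


def assess(before, after, seconds, downlink_mbps):
    """Compare inbound rate with the subscribed downlink (assumed known)."""
    d_bytes = after[0] - before[0]
    d_pkts = after[1] - before[1]
    if d_bytes < 0 or d_pkts < 0:
        raise ValueError("counter reset or wrap between samples")
    mbps = d_bytes * 8 / seconds / 1e6
    mean_size = d_bytes / d_pkts if d_pkts else 0.0
    utilisation = mbps / downlink_mbps
    # Thresholds are illustrative assumptions, not established cut-offs.
    if utilisation >= 0.9 and mean_size < 100:
        verdict = "downlink saturated by small packets (flood-like)"
    elif utilisation >= 0.9:
        verdict = "downlink saturated (flood or heavy legitimate download)"
    else:
        verdict = "downlink not saturated; look for another cause"
    return {"mbps": mbps, "pps": d_pkts / seconds,
            "mean_size": mean_size, "utilisation": utilisation,
            "verdict": verdict}


if __name__ == "__main__":
    t0 = read_rx(SNAPSHOT_T0, "wan0")
    t1 = read_rx(SNAPSHOT_T1, "wan0")
    print(assess(t0, t1, seconds=10, downlink_mbps=50))
```

The router only counts what the ISP actually delivered, so a flood larger than the downlink shows up as utilisation pinned near 100% rather than as a higher number.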