DDoS facts and fiction
This guide briefly outlines what DDoSing is, how it works and what you can do to protect yourself. There are many unclear areas surrounding DDoS attacks, so it is important to know exactly what is and what isn't true.
What is DDoS?
DDoS or DoS stands for Distributed Denial of Service. It is when a large amount of data or a large number of connection requests is sent to an internet connection, stopping the normal flow of data. This can ultimately disconnect the victim from the internet for anywhere from a few minutes to a few hours.
How does it work?
A DDoS attack is carried out by a botnet: many infected computers sending information to one internet connection. To create a botnet, an attacker distributes harmful software hidden inside what seem to be perfectly normal downloads, so one way to keep your computer from becoming part of a botnet is to download only from trusted sites. The attacker initiates the DDoS attack by instructing the whole botnet to make what seem to be legitimate connections to the target IP address. The computer or server at that IP tries to complete a connection with the computer that made the TCP request but cannot find it, so it waits, unable to return the contact and make a connection. If there are lots of these connections, the computer or server eventually cannot process any more requests and therefore cannot use the internet. Another way people attack using DDoS is to send UDP packets of actual data to random ports of an IP address, which can add up to a massive amount of information being sent per second. This fills up the bandwidth and saturates the internet connection.
How can I protect myself?
There are a number of methods to keep your IP hidden from other IRC users:
1. Don't -x. SwiftIRC (like a lot of other IRC networks) has a usermode +x, which stops your true IP from being viewed by anybody who simply whoises you. You shouldn't take mode x off unless you're on a BNC, where it will instead show your whole vhost.
2. Don't click on unknown links or links that you do not trust. The owner of a site can see every IP that connects to their website, so be careful when clicking links.
3. When using TinyURL.com links go to their website and pick the option to enable previews (TinyURL Preview). This way when somebody links you to a TinyURL.com address it will show you the address it is linked to and then ask if you want to continue. Also, make use of LongURL.com. This website will show you all the redirects for a link, and list them for you to see where it ends up. This is useful if you're dealing with a redirection service other than TinyURL.com.
4. Don't connect to other people's IRC servers if you don't trust the person. They see the IP of every connection made to their IRC server. It is the same for BNCs, Teamspeak, Ventrilo, etc.
5. If you are using mIRC, don't load mSL scripts that you do not understand; these can contain code that reveals your IP or does other malicious things.
6. Don't run commands like //say $($+($chr(36),$chr(105),$chr(112)),3) just because somebody tells you to. Users can hide the $ip mSL identifier in ASCII codes, and perform other malicious actions the same way.
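To see what a command like the one in item 6 really does before typing it, you can decode it outside of mIRC. The Python script below is an added example, not part of the original guide or of any SwiftIRC tooling; it uses a simplified model of how mSL resolves $chr(), $+() and $()/$eval(), and its list of flagged identifiers ($ip from the guide, $host added for illustration) is an assumption.

```python
import re

# $ip is the identifier named in the guide; $host is added for illustration.
SENSITIVE = {"$ip", "$host"}

CHR = re.compile(r"\$chr\(\s*(\d+)\s*\)", re.I)                     # $chr(N)
CONCAT = re.compile(r"\$\+\(([^()]*)\)")                            # $+(a,b,c)
EVAL = re.compile(r"\$(?:eval)?\(([^()]*?)(?:,\s*\d+)?\)", re.I)    # $(text,N)
IDENT = re.compile(r"\$[a-z]+", re.I)


def _chr(match):
    code = int(match.group(1))
    # Leave out-of-range codes untouched instead of raising.
    return chr(code) if 0 < code <= 0x10FFFF else match.group(0)


def _join(match):
    return "".join(part.strip() for part in match.group(1).split(","))


def deobfuscate(command, max_passes=10):
    """Resolve $chr(), $+() and $()/$eval() wrappers, innermost first.

    Simplified model of mSL evaluation: it only rewrites text and never
    executes anything, so it is safe to run on an untrusted paste.
    """
    text = command
    for _ in range(max_passes):
        previous = text
        text = CHR.sub(_chr, text)
        text = CONCAT.sub(_join, text)
        text = EVAL.sub(lambda m: m.group(1).strip(), text)
        if text == previous:
            break
    return text


def hidden_identifiers(command):
    """Sensitive identifiers that only appear after decoding."""
    visible = {i.lower() for i in IDENT.findall(command)}
    decoded = {i.lower() for i in IDENT.findall(deobfuscate(command))}
    return sorted((decoded & SENSITIVE) - visible)


if __name__ == "__main__":
    sample = "//say $($+($chr(36),$chr(105),$chr(112)),3)"  # command from item 6
    print(deobfuscate(sample), hidden_identifiers(sample))
```

An empty result only means none of the listed identifiers were hidden in the paste, so read the decoded text itself before trusting a command.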
Another way to protect yourself is to make sure your firewall is up to date, as some firewalls have the ability to distinguish whether the connection is legit or not.
How can I recover from a DDoS attack?
The truth of the matter is many people who claim to be able to DDoS you have no clue about the subject and probably don't have the means to do so. But if you do get attacked you should change your IP to prevent it happening again and allow you to reconnect to the internet. If you use dial up internet for one, you're at an advantage, as most companies change your IP every time you dial up. If your IP is dynamic, it will change when you reconnect to the internet. If you use broadband, you may need to reset your modem and/or wireless router. If your IP is static, you can phone your ISP and ask them to change it if the DDoS attack is a recurring problem. Although DDoS attacks are illegal, they are unfortunately largely untraceable, and unless you have any obvious evidence, there is not much the SwiftIRC staff can do about them.
This guide has been created by SwiftIRC user Alexandra