RT-AC66U DDOS + Tomato Shibby 1.28

Discussion in 'Tomato Firmware' started by Connor McCaffrey, Mar 2, 2014.

    playing some competitive call of duty tonight. some kids got mad they lost. still can't hold me off ;) (but claims to be master hacker studying computer hacking right now! lol)

    my connection is limited at 107mbit/second (shaw broadband 100) (my modem's downstream rate is provisioned at 112mb, 5mb overhead) yet the router shows 130+ and was still loading web pages and keeping me on live. it wouldn't allow me to upload the video to youtube though. had to mac address change after he hit me for a solid hour :( . if this was asus or merlin with HW acceleration enabled it would have been the same. but with HW acceleration off on merlin or asus (and i have it off for qos) the router would have crashed under load instantly. it can barely handle 90+mbit of traffic. asus firmware is a bit better than merlin with HW acceleration off. but this is the best by far. lol the load on the router was at 0% and i was still playing music from the usb nas plugged into router. on stock/merlin i get hit and instantly the music stops even if the attack isn't crashing my router.

    Cool. So, is HW acceleration disabled on Tomato on your RT-AC66U? Why would you disable HW acceleration at all?
    Maybe this is why you have no HW acceleration in Tomato. :)
    Video too blurry to see - was any of that traffic to/from a specific device in your LAN? Did you have a chance to run Wireshark? Do you have any sort of remote access enabled?
    most likely it was going to port 3074 and it was a UDP flood. that's what 90% of kids on xbox are using. the traffic should have been going to my xbox but i don't believe it made it there because the xbox has a bad buffer overflow problem when these attacks make it through to it

    if the video was blurry turn the quality up

    i ordered an edge router lite 2 days ago to deal with attacks better as well :)

    soon RT-AC66U will only be my AP
    You're probably right, given the low CPU usage, but best to find out next time. There are ways of reducing the impact of *some* DoS attempts if this happens frequently, such as limiting the number of incoming connections from any given ip address using iptables.

    This kind of crap is one of the reasons I stopped playing online games. (+ job + wife + kids + need for sleep)

    Thanks koitsu
    What people don't seem to understand about DoS (or DDoS) attacks is that even if your router isn't responding to the attack attempts (i.e. the router receives the packet but does not send back anything), they can still effectively take you offline by saturating your network connection, and there is no solution for that situation. QoS, bandwidth limiters, etc. have no bearing on this situation -- the problem is purely that there are too many inbound packets arriving at your WAN port. Nothing can be done. The same applies to non-residential connections; most DDoS kiddies these days don't care if they're hitting an open port or not, they just oversaturate your connection (and often an ISP's peering link as well). DDoS kiddies have insane amounts of bandwidth these days.

    I find the general best approach is to not involve myself with people who act like this. DoS attacks aren't the reason I stopped gaming: the players' attitudes are. I don't play any MMO games with anyone other than people I know personally or have gotten to trust over the years. The general Internet, especially the gaming community, is filled with manchildren or actual children who lack good ethical or moral character.

    P.S. -- Never, ever say something like "still can't hold me off ;)" when talking about any kind of attack, especially when showing up on a forum asking for help with regards to such. That kind of pompous attitude just eggs people on. Be better than that.
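
The two posts above, per-IP limiting and the saturation caveat, as an added example that is not from any poster in this thread: a simplified token-bucket model of a per-source packet limit, run over constructed traffic. All addresses, rates and the link capacity are made-up sample values, and the model stands in for an iptables rule rather than reproducing one.

```python
from collections import defaultdict

LINK_PPS = 10_000        # constructed: packets/s the WAN link can carry
RATE, BURST = 100, 200   # constructed per-source limit (pkt/s, bucket size)

class PerSourceLimiter:
    """Token bucket keyed by source IP, the idea behind a per-IP iptables limit."""
    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens = defaultdict(lambda: float(burst))
        self.last = {}

    def allow(self, src, now):
        elapsed = now - self.last.get(src, now)
        self.last[src] = now
        self.tokens[src] = min(self.burst, self.tokens[src] + elapsed * self.rate)
        if self.tokens[src] >= 1:
            self.tokens[src] -= 1
            return True
        return False

def simulate(sources, seconds=5):
    """sources: {ip: packets/s}. Returns (forwarded per ip, offered WAN load)."""
    limiter = PerSourceLimiter(RATE, BURST)
    events = [(i / pps, ip) for ip, pps in sources.items()
              for i in range(pps * seconds)]
    forwarded = defaultdict(int)
    for now, ip in sorted(events):
        if limiter.allow(ip, now):
            forwarded[ip] += 1
    # Load is measured before the router: filtering cannot reduce it.
    return dict(forwarded), sum(sources.values()) / LINK_PPS

PEER = "192.0.2.10"      # constructed: legitimate game peer at 30 pkt/s
SINGLE = {PEER: 30, "203.0.113.7": 5000}
SPREAD = {PEER: 30, **{f"198.51.100.{i}": 80 for i in range(1, 251)}}

if __name__ == "__main__":
    for name, srcs in (("single source", SINGLE), ("distributed", SPREAD)):
        fwd, load = simulate(srcs)
        flood = sum(n for ip, n in fwd.items() if ip != PEER)
        print(f"{name}: peer={fwd[PEER]} flood_forwarded={flood} wan_load={load:.2f}")
```

In the single-source case the limiter discards most of the flood while the peer is untouched; in the distributed case every source stays under the limit and the offered load is about twice the link capacity, so packets are lost upstream of the router regardless of its rules.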
    i know. but thanks ;). still. 107mbit is a lot of space to cram. most people don't have access to that. also i will be getting a 250/15 connection very soon (my node is all upgraded they just haven't switched it over to new speeds)

    and even tho they can get me off just saturating the connection, there is still potential to improve my firewall and router to better deal with attacks that can't fully saturate it.

    right now i don't even have the firewall on my rt-ac66u with tomato. it added latency so i took it off. and i will keep it off. all i really have to block booters in place is icmp reply disabled

    it is fully possible though that even with the current setup people might just have to fully saturate my connection to get me off even with the asus. but i want the ERL to be sure + to be futureproof. the asus will max out at about 180mbit and when i get a 250mbit connection it would have been the bottleneck if i didn't get the ERL i have coming friday/monday
    for your first point. linking that 200-400gbps attack is irrelevant. 99% kids booting on xbox are doing it through a stress testing service (quantum booter, titanium stresser, ragebooter, anonymous stresser etc) and the ones that aren't using that are using booters they have purchased off someone on hack forums. that would be the next level up. the last kid who actually got me offline claimed he had a puttybooter he bought access to on hack forums. that thing did work pretty good.

    if i recall correctly my friend with a bonded 200/10 connection (2 of my 100/5 connections) has never been fully hit off. and he hosts a lot of servers from his connection. he claims that most people can't hit you with more than a true 50mbit. and like i said he only has 200mbit and has never received an attack strong enough to keep him off. aka saturate his connection. because his firewalls can take it!

    as for not dealing with booters like this. i can't help it. they're all over xbox. and it spreads like wildfire when u can buy month membership on a stress tester for $2.50

    and as for saying, still can't hold me off ;) . they couldn't so that's why i said it. i never said no one could. but those kids definitely couldn't
