Jump to content

Denial of Service (DOS) attack

kinda Fallen

By kinda Fallen,
in General Discussion Forum

 Share
You are about to reply to a thread that has been inactive for 3179 days.

Please take a moment to consider if this thread is worth bumping.

Recommended Posts

kinda Fallen

kinda Fallen

Posted
Posted

Ok here it is, ive managed to piss someone off in SL (like that's hard to do)  and now, several times a day, that this individual is online, he floods my IP so hard it clocks my modem and im offline anywhere from 20-40 minutes. He has sent me and one of my friends IM's telling us he is going to do this, at the time he does it, so were pretty clear he can do it, and does do it. I have had my IP provider check my equipment and lines twice, i have been assured in writing it is not a problem on their end.

We have gleaned two clues from his IM's, one that he must know the city and state you live in, he got my friends info off her skype account, mine he got from what was once a close friend, and due to my obvious niativity, ive never had much of a problem telling folks what very large city i reside in.  Second, he says he does not have to be in the same sim to get my IP address, as we have him banned from our sim. Saturday i was on a totally different sim, one i am not in often, when he started his attack on me that day. BTW my IP address changes every time my modem reboots, which is now daily due to this asshat, and whenever i start up my computer, i reboot my modem, it takes him about 15 min to get the new IP.

We have both abuse reported him, with the IM's, and to date, nothing we can tell has happened, he obviously is still in the game.

So what im asking, is what can i do, or is there an easy fix, or anything that can be done to stop this. Please bare in mind, i am not completely computer illitereate, but at the same time i am not an IT person in any way shape or form. Thanks for any ideas and advice in advance.

Link to comment
Share on other sites
Freya Mokusei

Freya Mokusei

Posted
Posted

Your IP address, most often (unless you take steps against this), will betray information about your location.

Really that's the oracle that he's able to use. Each time he has your IP, he can launch a DOS.

Firstly, your ISP should be able to detect and deter this kind of attack if it's coming from a fairly amateur source. Disruption of the wires may be a crime in your jurisdiction, also. Worth looking into. This is not an issue that involves Second Life as anything except the vehicle for him discovering the information he needs to attack you, do not expect any action on behalf of the service operator. You should be treating this as a 'real life' issue.

If this isn't possible, your solution is to obscure your IP address as much as possible:-

  • Use a proxy/VPN
  • Disable voice, media, do not click links to websites. Any website.
  • Do not use services that relay your IP address to third-parties. This includes some forums (not this forum), and some gaming services, as well as things like DJ/music streams.
  • Don't use external messengers (e.g. Skype), except through a proxy.
  • Check your own systems for compromises or leaks that could be relaying this information back to him (e.g. links to any webservers he might own, favourited pages, but this also includes malicious activities). This includes distinctive traffic and may also stretch to include the social engineering of yourself or your friends.
  • Change your behaviour, log into SL at different times or stay offline for a couple of days.

Guidance on all of this can be found by using a search engine of your choice. Most is Security 101.

  • Like 1
Link to comment
Share on other sites
Jennifer Boyle

Jennifer Boyle

Posted
Posted

I believe that the only way a third party can get your IP address via SL is for you to access some kind of media that comes from their server.  Therefore, if you access no music, video, web content, etc. except from sources you know you can trust, he should not be able to get it.  I don't know about other viewers, but Firestorm makes it easy to whitelist trustyed servers while not accessing any others.

I'm no expert, but I believe it is a federal felony in the US to mount a DOS attack.

Link to comment
Share on other sites
Freya Mokusei

Freya Mokusei

Posted
Posted

Please note that the author of this thread states that she also uses external contact options for associating with SL friends. It's necessary for her to check her leaks inside and outside of SL. Skype is at least as vulnerable to this as Second Life is.

Free proxy servers will typically not work with Second Life. I don't know the market (especially for American users who will probably want a local provider, and the OP didn't state locale) and do not want to give specific recommendations (there's little security provided by doing this). I have no trouble using Second Life through my standard (proprietary) virtual network arrangement, but I own these boxes myself rather than going out to a service provider, so don't know if I can help.

Link to comment
Share on other sites
kinda Fallen

kinda Fallen

Posted
  • Author
Posted

Yes i am keeping all my media off for the time being, i have it set to filter as well. However being in a tribute band, there are times when i will have to use the music media. He found me last night at a veterans benefit, and i had it all off in SL, but ran the SURL for the media on my winamp outside of the game. We do use outside messengers to voice, and i will look into getting a proxy for them.

I am calling my local law enforcement agency today, and any others they suggest such as the FBI or the FCC. I would imagine since i have his SL name, they can be contacted by these agencies if a crime is being committed, for his RL information.

I will call LL also, i would think gathering IP addresses in SL for malintent would be some sort of TOS violation.

Link to comment
Share on other sites
Freya Mokusei

Freya Mokusei

Posted
Posted

kinda Fallen wrote:

I will call LL also, i would think gathering IP addresses in SL for malintent would be some sort of TOS violation.

It's not. IP address is considered public information because it's necessary in order to supply the service and associated services (e.g. SL Voice). Unfortunately, once it's out. you can't control how it's used. (note, this is my opinion of how LL understand things based on my experience, it is not official LL policy).

Note that running media unproxied still discloses your actual IP address to the operator of the stream, even if you're using Winamp and not SL directly. If you still want to listen to media, you should route this through a proxy, too.

Don't be too hesitant to change your behaviour. It may seem oppressive and as though you're "letting the bad guys win", but the truth of the matter is that the sense of boredom is on your side - most people like this, get bored pretty quickly, or make new enemies in short order. Often it doesn't last long before things start turning back to normal.

Good luck with law enforcement, they might push you to FBI (these issues can be federal across state lines). You're correct that LL will comply with subpoenas issued against resident usernames.

Link to comment
Share on other sites
Darrius Gothly

Darrius Gothly

Posted
Posted

You should also contact your ISP for instructions on how to routinely change your IP Address. Many "hard-wired" services (those that assign an IP Address that persists for months or longer) can often adjust your modem settings so it routinely obtains a new IP Address or with very little fiddling will obtain one.

The more you keep him hopping, the sooner he'll tire and move along to his next victim. And lest you think otherwise, that is all you are to him ... another hapless victim for his sadistic and twisted "fun".

I have some "Peripherals" I'd be happy to introduce him to .. provided he's not squeamish about sharp things...

Link to comment
Share on other sites
kinda Fallen

kinda Fallen

Posted
  • Author
Posted

Darrius Gothly wrote:

You should also contact your ISP for instructions on how to routinely change your IP Address. Many "hard-wired" services (those that assign an IP Address that persists for months or longer) can often adjust your modem settings so it routinely obtains a new IP Address or with very little fiddling will obtain one.

lol at Periphials Darrius, my IP changes everytime i reboot my modem, and i have checked to make sure that it does. Being that he has clocked it several times a day, i have to reboot the modem to get the service back, i reboot it every night as well.  I filled out an FBI online report today, gave them all the info i had and what is happening. Evidently DOS attacks are punishable by fine and up to 10 years imprisonment.

 

Link to comment
Share on other sites
Darrius Gothly

Darrius Gothly

Posted
Posted

Excellent! Thank you kinda for actually taking the steps necessary to begin putting these types of criminals and miscreants in front of the proper judgement and punishment their acts deserve. With so many more people every day using the Internet and its various services to perform the basics of life, it becomes more and more important that we as a people treat it with the same respect and deference as we do locked doors, locked windows and "Keep off the grass" signs. (Okay, maybe not so much the latter...)

BTW: Once in prison (if your attacker gets that far in the system), he will find his world severely restricted. It's also important to note that much of the modern American corrections systems work from IT-based systems. He might suddenly find his cigarettes, privileges and even visitor list controlled by a mysterious computer somewhere that strangely keeps "forgetting" he exists.

Oh .. like DARN and stuff?

Link to comment
Share on other sites
Frankie Antonioni

Frankie Antonioni

Posted
Posted

Could he have placed a virus, or a tracking cookie on your computer?  If you are still having the problem, then I think he may have something on your computer, that is telling him when you are online, and your IP address.I would run Malwarebytes, and see if that will find anything. May want to clear some of your cookies.

Link to comment
Share on other sites
Darrius Gothly

Darrius Gothly

Posted
Posted

Cookies are just useless lumps of text. They can only be accessed by the website that generated them.

But your idea to use Malwarebytes is a good one. It is quite possible that if the attacker ever gave kinda a program, image file or sent any sort of data file to her then it may have contained something naughty and active inside. I have seen it happen.

Good thinking Frankie.

Link to comment
Share on other sites
kinda Fallen

kinda Fallen

Posted
  • Author
Posted

UPDATE:

My attacker contacted me a week ago and apologized and promised no more attacks. So far so good. Should his better behavior continue, i will not further at this point my FBI case. Look i am not here to put anyone in jail, that has a RL job, and family, and create just one more succubus on society over an internet gaming dispute. That being said, if ANY attack happens i do have proper reporting systems installed on my computer now, thanks to the agt i am working with, and any IP that attacks will be forwarded to her by email ASAP.

Thanks everyone that commented here for your input, and support. Have a great SL :)

Link to comment
Share on other sites
You are about to reply to a thread that has been inactive for 3179 days.

Please take a moment to consider if this thread is worth bumping.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing
×
×
  • Create New...