Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

answered 2017-12-06 08:32:29 +0000

sindy gravatar image

First, if that hypothetical guy isn't totally stupid, none of the IP addresses from which the DoS packets are coming to you is related to him in any way.

Second, whatever you do inside your home network (adding routers, changing MAC addresses), the address of your uplink interface will remain the same unless you can agree with your ISP to assign you another one.

Third, DoSing of home internet connections is quite rare, so it is much more likely that some software on one of your devices is responsible for that traffic - either with your indirect consent (peer2peer networks typically use your connection even if you don't actively download anything) or without it if some malware is making use of your resources.

So a Wireshark capture of your traffic, covering a bit of time before the "DoS" starts and a bit of it ongoing, is your best starting point. If the communication has been initiated from your device side, it is not a DOS attack, but it may be a malware infection. If the packets are really coming from domains like Google and Amazon and the flows do not mirror ones initiated from your network, then the scenario you've suggested above, that someone is spoofing the requests on your behalf so that the responses would come to your public IP address, is very likely. The bad news is that in such case there is nothing you can do about it but agreeing a change of your public address with your ISP. And if you're really an intended target, the attack would stop only until the attacker learns your new IP address.

Your ISP should be technically able to track the actual source of the spoofed traffic to the border of their network, but if they come from another network, you'll probably have to involve a regulator or police, whatever is applicable in your legal environment, to track the attacker across your ISP's network border. If they come from abroad (which is typically the case - see the first point), game over - you're neither a bank nor a governmental office so no enforcement body is likely to take the burden of seeking international cooperation on solving your issue.