Ask Your Question
0

How to find ip of someone that is dosing me. May have vpn/ip spoofing

asked 2017-12-06 02:55:45 +0000

anonymous user

Anonymous

updated 2017-12-06 02:56:52 +0000

I have been dealing with someone that has been dosing me for over a few months now. At first I had no internet for 2 days until I was able to change a few router settings. I am afraid he will be able to get passed what I have done and turn off my internet once again. I know have internet and have been waiting for him to stop and leave it alone. I am looking for any hep of advice anyone is willing to give me. I seen someone purchase a new modem and split the wires coming from the original modem to provide me with a new address, but I would like to save from plan b if I am unable to find a fix. I am sure he has a vpn and using onine companies as his ip. I am unsure if they is anyway to fight a vpn dosing.

What I have used/Tried:

-Internet provider and router provider (I was asked to purchase more protection to begin to see if they can even help)

-dos guardian (Worked and was not seeing anymore dos attacks, but ended up blocking my antivirus from working)

-View router logs (Found blocked dos attacks, mostly are from company's such as google and amazon)

-Change Router settings and tried changing mac address along with other addresses

-Maybe others I am forgetting

Thank you in advance for any help. It would be amazing to find where the guy lives and file a report or pay him a personal visit;)

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
1

answered 2017-12-06 08:32:29 +0000

sindy gravatar image

First, if that hypothetical guy isn't totally stupid, none of the IP addresses from which the DoS packets are coming to you is related to him in any way.

Second, whatever you do inside your home network (adding routers, changing MAC addresses), the address of your uplink interface will remain the same unless you can agree with your ISP to assign you another one.

Third, DoSing of home internet connections is quite rare, so it is much more likely that some software on one of your devices is responsible for that traffic - either with your indirect consent (peer2peer networks typically use your connection even if you don't actively download anything) or without it if some malware is making use of your resources.

So a Wireshark capture of your traffic, covering a bit of time before the "DoS" starts and a bit of it ongoing, is your best starting point. If the communication has been initiated from your device side, it is not a DOS attack, but it may be a malware infection. If the packets are really coming from domains like Google and Amazon and the flows do not mirror ones initiated from your network, then the scenario you've suggested above, that someone is spoofing the requests on your behalf so that the responses would come to your public IP address, is very likely. The bad news is that in such case there is nothing you can do about it but agreeing a change of your public address with your ISP. And if you're really an intended target, the attack would stop only until the attacker learns your new IP address.

Your ISP should be technically able to track the actual source of the spoofed traffic to the border of their network, but if they come from another network, you'll probably have to involve a regulator or police, whatever is applicable in your legal environment, to track the attacker across your ISP's network border. If they come from abroad (which is typically the case - see the first point), game over - you're neither a bank nor a governmental office so no enforcement body is likely to take the burden of seeking international cooperation on solving your issue.

edit flag offensive delete link more

Comments

Thats sadly what I was thinking and will have to change around mac addresses or change my public address. I do believe it is still from someone trying to hit me off due to my brother playing Xbox with a hacker and pissed him off so he decided to dos and take out my internet. Thanks for the help. Another question if you have the time, if my computer does have malware and causing the problem and recommend antivirus or scanning tools to use? I have kaspersky total security and it has found nothing. Also thanks for the advice really helps out a lot!

Dylan_j99 gravatar imageDylan_j99 ( 2017-12-07 02:10:35 +0000 )edit

Sorry, no recommendations on anti-malware. Plus bear in mind that new malwares emerge all the time and the anti-malware tools detect most of them based on their databases of known signatures (characteristic patterns of contents and behaviour) rather than heuristic, so there may be a gap of weeks to years until a particular new malware becomes detected.

Plus once again - MAC address is irrelevant here, it is only significant within a local network where no routing is necessary. Depending on your uplink connection type, the router which connects you to the internet also may have a MAC address on its internet-facing interface but there is no guarantee that you'll get a different IP address from your ISP just because your MAC address has changed, ISPs usually use other properties of the connection to identify the customer and assign an IP address.

sindy gravatar imagesindy ( 2017-12-07 11:16:57 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2017-12-06 02:55:45 +0000

Seen: 3,790 times

Last updated: Dec 06 '17

Related questions

Reason for different update paths?

What type of attack is this ?

Is this a Webstresser or a DDOS attack or a fake one?

I have same Transaction ID for all packets in DNS. Is there possibility of DNS flood or DNS amp attack?

Are these deauth & disassoc attacks going through my network or what?

Can I Contact An Administrator To Ask A Question?

filter cant detect exist packet

CTF question: Which tool did the attacker use to hide his trace on the cyber space?

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2