Multiplayer gaming is all about getting away from the world events and maybe the 9-5 grind at the salt mines; but, the stress easily comes back when starting to have intermittent network problems while gaming. If rebooting both the modem and router, and contacting the ISP does not solve this issue then that means there is a possibility your home network has been compromised to the point of being DDoSed. In this article, we’ll discuss what DDoS is, causes of DDoS, and how to prevent a DDoS attack from happening again so you can enjoy happy days playing online.
What is DDoS?
DDoS stands for Distributed Denial-of-Service which is defined as a type of network attack that is orchestrated towards a targeted computer/server system (in this case multiple gaming servers at a time) that would cause a service loss temporarily to users.
DDoS attacks typically require more than one infected hosts that have already been infected with some form of malware to create a botnet (or what is typically called “zombies”) controlled centrally by the attacker to send out commands automatically to each zombie (considered “agents”).
DDoS is more difficult to mitigate due to the DDoS exploiting more compromised machines to launch more attack traffic than a single compromised machine can perform with the other factor being DDoS can be orchestrated from different sources that do not have permanent IP addresses
DDoS attacks that are used in attacking game servers and individual players in multiplayer sessions are UDP flooding attacks which will be explained below.
How UDP Flood Attacks work in Online Gaming?
Considered a connectionless style of flooding packets to a targeted host, UDP flooding attacks used in DDoS directs a number of UDP packets to a number of open ports or in specific to the services used by the targeted individuals system that allow real-time updates in game to player movement over the gaming service used (this can be Blizzard, Xbox, Playstation, or other platform service).
IP address spoofing is used in UDP flooding attacks where the source IP address of the hosted public session is spoofed ensuring that all ICMP packets will be sent to this address.
By flooding the destination hosted server with UDP packets, the server would be forced to send multiple ICMP reply packets in attempt to reach the legitimate host eventually draining server CPU and memory resources to making the server unreachable or unavailable to receive any legit UDP packets from the legit source.
Since UDP is a “connectionless” protocol, the sending host does not establish a connection with the destination host before sending data…the data is simply sent with acknowledgments not being sent for received segments. If a received UDP segment is lost, UDP has no way of re-transmitting the same segment again
The other factor that plays in UDP flooding attacks is the fact that UDP does not have any flow control like TCP’s window size to control flow of data and how much to send which makes DDoS open season towards a spoofed IP and hosted server when possible.
Causes of DDoS attacks
Besides a sore-loser player that doesn’t like seeing you and your team winning by a 20-30 points in a classic team deathmatch or maybe because of your rare 15-0 (kills to death ratio) in Call of Duty Modern Warfare is offensive to someone, DDoS attacks happen to allow one to gain a competitive and distraction advantage to catch up or in most instances to force someone off a game server completely as a form of “logical trolling.”
In much more serious cases that would be devastating to gaming developers and publishing companies is for one individual/group to seek out notoriety (in this case to become famous) by asking for a ransom (like bitcoins or a large sum of money) or in weird cases for a number of follower/subs on one of the social media outlets like Twitter and Instagram before the DDoS attacks stop…
Overall, no one should EVER give in to demands by a DDoS attack no matter what…this means preparing for the worse outcome to defeat and prevent future DDoS attacks from happening in the future.
4 Ways on How to Prevent DDoS/DoS attacks
Despite many false positives that can occur from undeliberate instances such as overloading network bandwidth due to your roommate doing some heavy streaming or when the network equipment is actually failing, it can be difficult to detect when a real DDoS/DoS attack is actually happening when gaming online.
From masking your own IP from others while playing online to enabling certain filtering countermeasures within the router settings are some of the ways on how to prevent DDoS attacks before they occur.
Below are 4 most recommended countermeasures in the main goal to preventing DDoS/DoS attacks first-hand.
Obtain a New WAN IP Address
For those that have already been hit with a small DoS or a complex DDoS hit and may have been without Internet from a few hours to a few days can attempt to release and renew the WAN (Wide Area Network) IP address on the router (this would not be the computer LAN).
The most common way to obtain a new IP on the router would be by modifying the MAC address in the router back-end and powering down the router for an extended period of time after changing the MAC.
Use the following steps below to get a new WAN IP:
- Select “Advanced” tab
- Find your current Router MAC Address in “LAN” settings from Network section in left-side menu, copy and paste the MAC address you find there
- Select “Internet” or “WAN” from left side menu
- Change MAC Clone setting to “Use Custom MAC Address”
- Paste in MAC Address
- Change the last number or letter in last octet of MAC Address
- Click “Save”
- The router will attempt to renew the WAN IP. Give it 5 minutes to fully reconfigure
- If the router does not register a new WAN IP address, un-plug and leave the router powered down for 30 minutes
- Plug the router back in and power on
- If the router still does not register a new WAN IP address, power down the modem and leave powered down for 30 minutes
- A new WAN IP address should now be registered on the router. An alternative would be to google “What’s my IP” for your new IP if you’re too lazy to log into the router.
Enable DDoS Protection & UDP/ICMP Filtering in Router
For some routers including the TP Link Archer A9 router that may include some sort of integrated DoS/DDoS protection within the router to limit TCP/UDP traffic, it would be a wise idea to enable this protection to prevent and slow down any attempts of receiving fake traffic that may flood the router.
An addition to enabling DDoS protection would be to turning on ICMP and UDP filtering on the router to limit ICMP ACK requests coming from servers and unrecognizable IP addresses or ports that may flood UDP requests to the router in an attempt to slow down router performance or shut the router down completely
Use a Virtual Private Network (VPN)
Adding an extra layer to DoS/DDoS protection, a Virtual Private Network (VPN) can be installed to mask the router and WAN IP address when gaming online or taking a Skype call even if these applications have some form of application masking of your network connected to application servers.
One of the most recommended VPN services out there for gaming is NordVPN which uses more than 5000 servers that you can bounce between even if a random DoS/DDoS does affect one of the VPN servers somewhat and does not throttle back your network bandwidth.
If you have a TP-Link router, there is a good chance it has VPN server integration to configure OpenVPN which would provide some configuration unlike a turn-key VPN that requires minimal configuration.
Within a TP-Link router, a VPN certificate would have to be first generated and the configuration settings must be exported to the OpenVPN directory after downloading the OpenVPN interface from the community website in order to get this free VPN to work on a local PC.
Switch to an ISP that offer Dynamic Routing
The final step in how to prevent DDoS and DoS attacks is not really a prevention method; but, is crucial to changing your WAN IP address in the router backend yourself which is making sure your ISP is using dynamic routing that includes implementing a dynamic IP address that will be able to change when powering down and rebooting the router and modem for troubleshooting.
If the router does not change WAN IP addresses, this may indicate the ISP is using a rare situation of using static routing rather than dynamic routing which would stop you from making attempts at changing the WAN IP.
While calling your ISP to request a new WAN IP due to the potential DoS/DDoSed attack is a possible option, if the ISP refuses to change the IP or does not offer support in changing the IP…then it would be crucial to switch to a new provider like Spectrum that does dynamic routing.
On top of switching to a new ISP, a new router and modem would be provided by the ISP if you don’t have your own router and modem to give you a new start to implement proper cybersecurity for preventing DoS/DDoS.
