1. Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

ICMP attacks for me! help!

Discussion in 'Networking & Security' started by saarxee, May 4, 2013.

  1. saarxee New Member

    Joined:
    May 4, 2013
    Messages:
    67 (0.12/day)
    Thanks Received:
    0
    My friend is attacking me to the ICMP attack for my router.
    my router model is TP-LINK WR841N.
    how i stop the attacks?
     
  2. Bo$$

    Bo$$ Lab Extraordinaire

    Joined:
    May 7, 2009
    Messages:
    5,320 (2.63/day)
    Thanks Received:
    868
    Location:
    London, UK
    Well you pay him a visit, Knock on his door, as he opens it, knock him the fuck out. :slap:
    Just attack him. simple shit man.
     
    Geofrancis, Mussels, [Ion] and 6 others say thanks.
  3. saarxee New Member

    Joined:
    May 4, 2013
    Messages:
    67 (0.12/day)
    Thanks Received:
    0
    How am I defending himself from the attack?
     
  4. micropage7

    micropage7

    Joined:
    Mar 26, 2010
    Messages:
    6,081 (3.57/day)
    Thanks Received:
    1,413
    Location:
    Jakarta, Indonesia
    LOL.. you make me laugh
    yea, why your friend attack you? :confused:
     
  5. saarxee New Member

    Joined:
    May 4, 2013
    Messages:
    67 (0.12/day)
    Thanks Received:
    0
    That bored him. It uses - Booter
    help me please.
     
  6. W1zzard

    W1zzard Administrator Staff Member

    Joined:
    May 14, 2004
    Messages:
    15,007 (3.90/day)
    Thanks Received:
    11,877
    If you have a dynamic IP, just disconnect your router and reconnect so it fetches another IP.

    There is nothing else you can do on your end to mitigate the attack, as it's overloading your incoming line. You could call your ISP and explain the situation, they can drop all packets from your friend before they enter your line, but this usually also means they'll inform the authorities
     
  7. remixedcat

    remixedcat

    Joined:
    May 13, 2010
    Messages:
    3,015 (1.82/day)
    Thanks Received:
    677
    Bo$$ had the best solution
     
  8. Aquinus

    Aquinus Resident Wat-man

    Joined:
    Jan 28, 2012
    Messages:
    6,665 (6.47/day)
    Thanks Received:
    2,324
    Location:
    Concord, NH
    If you use a spoofed MAC address on your router and restart your modem, DHCP will automatically get you a new IP. Just restarting the modem won't get you a new IP unless the lease time is incredibly short and more often than not I find that it's an hour or longer (mine is several days,) so the only way for me to force it to give me a new IP is by using a different MAC.

    Afterwards you should do what Bo$$ described. You have to make sure it doesn't happen again. :)

    You could also tell your router to block incoming ICMP packets, most routers can do this.

    Edit:
    Here we go, nothing like a user manual to help you out:
    [​IMG]

    Enable both highlighted settings and set the packets/s for the ICMP flood filter to 25. That should work nicely.

    Now you really can tell him to shove it and do what Bo$$ suggested and you know regardless of the outcome, he won't be doing it again. :)
     

    Attached Files:

    • icmp.PNG
      icmp.PNG
      File size:
      59.5 KB
      Views:
      384
    Last edited: May 4, 2013
  9. W1zzard

    W1zzard Administrator Staff Member

    Joined:
    May 14, 2004
    Messages:
    15,007 (3.90/day)
    Thanks Received:
    11,877
    that wont work, unless your network connection has more bandwidth than the attacker has bandwidth. no matter what you set on the router, packets will still travel from your ISP to your router and congest your line
     
  10. n0tiert

    n0tiert

    Joined:
    May 1, 2008
    Messages:
    925 (0.39/day)
    Thanks Received:
    404
    Location:
    Frankfurt/Main - Germany
    use some tool like "wireshark" to catch the ICMP flood attack by pattern (usually it is mainly same type / size),
    match it and drop that packets directly on router via iptables rules set .....
     
  11. W1zzard

    W1zzard Administrator Staff Member

    Joined:
    May 14, 2004
    Messages:
    15,007 (3.90/day)
    Thanks Received:
    11,877
    see my previous post
     
  12. n0tiert

    n0tiert

    Joined:
    May 1, 2008
    Messages:
    925 (0.39/day)
    Thanks Received:
    404
    Location:
    Frankfurt/Main - Germany
    works m8, done this on DNS Reflection Attack for Anycast..... :)
    it drops by rule hex notation in packet header
     
  13. saarxee New Member

    Joined:
    May 4, 2013
    Messages:
    67 (0.12/day)
    Thanks Received:
    0

    works or not?
     
  14. W1zzard

    W1zzard Administrator Staff Member

    Joined:
    May 14, 2004
    Messages:
    15,007 (3.90/day)
    Thanks Received:
    11,877
    it might work on some attacks, but not on a normal icmp flood or any other type of attack that's trying to use up all your incoming bandwidth
     
  15. saarxee New Member

    Joined:
    May 4, 2013
    Messages:
    67 (0.12/day)
    Thanks Received:
    0
    He drops my internet.
     
  16. techtard

    techtard

    Joined:
    Sep 4, 2009
    Messages:
    930 (0.49/day)
    Thanks Received:
    204
    Call your ISP, call the police. If someone is doing this to you, they are not your friend. Find out the penalties for cybercrimes and inform him that you will take action to stop him.

    If you aren't going to do that, then do as Bo$$ suggested.
     
  17. saarxee New Member

    Joined:
    May 4, 2013
    Messages:
    67 (0.12/day)
    Thanks Received:
    0
    I have a friend doing it for a laugh.
     
  18. Black Panther

    Black Panther Senior Moderatorā„¢ Staff Member

    Joined:
    May 30, 2007
    Messages:
    8,590 (3.14/day)
    Thanks Received:
    1,936
    Tell him you're serious about calling the police. A joke for a couple of minutes might be ok, but if he persists...
     
  19. saarxee New Member

    Joined:
    May 4, 2013
    Messages:
    67 (0.12/day)
    Thanks Received:
    0
    By the way, my previous router did not work anymore since the attacks. It affects?
    and we are purchase the TP-LINK router from ISPs.
     
  20. remixedcat

    remixedcat

    Joined:
    May 13, 2010
    Messages:
    3,015 (1.82/day)
    Thanks Received:
    677
    They are not a good friend
     
  21. saarxee New Member

    Joined:
    May 4, 2013
    Messages:
    67 (0.12/day)
    Thanks Received:
    0
    answer please..
     
  22. drdeathx

    drdeathx

    Joined:
    May 14, 2009
    Messages:
    2,132 (1.06/day)
    Thanks Received:
    479
    Location:
    Chicago burbs
    Get one of these:

    [​IMG]

    1. Knock on his door
    2. Quickly pull the trigger on the stun gun
    3. Watch him fall
    4. Go back home and look at your animal porn
     
    Mussels and remixedcat say thanks.
  23. saarxee New Member

    Joined:
    May 4, 2013
    Messages:
    67 (0.12/day)
    Thanks Received:
    0
    Possibly be serious?
     
  24. remixedcat

    remixedcat

    Joined:
    May 13, 2010
    Messages:
    3,015 (1.82/day)
    Thanks Received:
    677
    Make your friend get you a new router and pay for your connection for the next few years and also do what Dr. Deathx said
     
  25. saarxee New Member

    Joined:
    May 4, 2013
    Messages:
    67 (0.12/day)
    Thanks Received:
    0
    By the way, my previous router did not work anymore since the attacks. It affects?
    and we are purchase the TP-LINK router from ISPs.
     

Currently Active Users Viewing This Thread: 1 (0 members and 1 guest)

Share This Page