• We've upgraded our forums. Please post any issues/requests in this thread.

ICMP attacks for me! help!

Joined
May 4, 2013
Messages
67 (0.04/day)
Likes
0
#1
My friend is attacking me to the ICMP attack for my router.
my router model is TP-LINK WR841N.
how i stop the attacks?
 

Bo$$

Lab Extraordinaire
Joined
May 7, 2009
Messages
5,626 (1.79/day)
Likes
971
Location
London, UK
System Name Desktop | Server
Processor Intel i7 2700k @ 4.4GHZ | AMD 5350 @ 2500MHZ
Motherboard Asus P7Z77-V Pro | Asus AM1I-A
Cooling GeLID Tranquilo | Stock Air
Memory Crucial Ballistix 2x8GB CL8 1600MHZ | Corsair Vengence 2x4GB CL9 1600MHZ
Video Card(s) Gainward GTX 780 Phantom GLH | PNY GTX 750Ti
Storage Samsung 840 EVO 250GB + 4TB WD Red | 2x Seagate Barracuda 2TB
Display(s) Samsung S27D390H + Asus VE276Q | Headless
Case Fractal Design R5 | CM Elite 110
Audio Device(s) Asus Xonar D1 w/Otone Stilo 5.1 and Creative Fatal1ty headset
Power Supply EVGA Supernova 850 G2| Corsair CX430M
Mouse Razer Imperator 2012
Keyboard Corsair K90
Software Windows 7 SP1 X64 | Ubuntu 16.04LTS
#2
how i stop the attacks?
Well you pay him a visit, Knock on his door, as he opens it, knock him the fuck out. :slap:
Just attack him. simple shit man.
 
Joined
Mar 26, 2010
Messages
7,642 (2.71/day)
Likes
1,984
Location
Jakarta, Indonesia
System Name micropage7
Processor Intel G4400
Motherboard MSI B150M Bazooka D3
Cooling Stock ( Lapped )
Memory 16 Gb Team Xtreem DDR3
Video Card(s) Nvidia GTX460
Storage Seagate 1 TB, 5oo Gb and SSD A-Data 128 Gb
Display(s) LG 19 inch LCD Wide Screen
Case HP dx6120 MT
Audio Device(s) Stock
Power Supply Be Quiet 600 Watt
Software Windows 7 64-bit
Benchmark Scores Classified
#4
Well you pay him a visit, Knock on his door, as he opens it, knock him the fuck out. :slap:
Just attack him. simple shit man.
LOL.. you make me laugh
yea, why your friend attack you? :confused:
 

W1zzard

Administrator
Staff member
Joined
May 14, 2004
Messages
17,055 (3.44/day)
Likes
17,957
Processor Core i7-4790K
Memory 16 GB
Video Card(s) GTX 1080
Display(s) 30" 2560x1600 + 19" 1280x1024
Software Windows 7
#6
If you have a dynamic IP, just disconnect your router and reconnect so it fetches another IP.

There is nothing else you can do on your end to mitigate the attack, as it's overloading your incoming line. You could call your ISP and explain the situation, they can drop all packets from your friend before they enter your line, but this usually also means they'll inform the authorities
 
Joined
May 13, 2010
Messages
4,422 (1.60/day)
Likes
1,603
System Name RemixedBeast
Processor Intel i5 3570K @ 3.4Ghz
Motherboard ASRock Z77 Pro3
Cooling Coolermaster Hyper 212 Evo
Memory 16GB Corsair XMS3
Video Card(s) EVGA Nvidia GTX 650 Ti SSC 1GB
Storage 1.5TB Seagate/128GB Samsung 840
Display(s) Samsung SyncMaster P2350 23in @ 1920x1080 + LG Flatron 19in Widescreen 1440x900
Case Antec Three Hundred Two
Audio Device(s) Beyerdynamic DT770 Pro 80 // Fiio E7 Amp/DAC
Power Supply 620w Antec High Current Gamer HCG-620M
Mouse Logitech G700s/G502
Keyboard Logitech K740
Software Windows Server 2012 x64 Standard
Benchmark Scores Network: APs: Cisco Meraki MR32, Ubiquiti Unifi AP-AC-LR and Lite, Ligowave NFT-3AC
#7
Bo$$ had the best solution
 

Aquinus

Resident Wat-man
Joined
Jan 28, 2012
Messages
10,399 (4.84/day)
Likes
5,480
Location
Concord, NH
System Name Kratos
Processor Intel Core i7 3930k @ 4.2Ghz
Motherboard ASUS P9X79 Deluxe
Cooling Zalman CPNS9900MAX 130mm
Memory G.Skill DDR3-2133, 16gb (4x4gb) @ 9-11-10-28-108-1T 1.65v
Video Card(s) MSI AMD Radeon R9 390 GAMING 8GB @ PCI-E 3.0
Storage 2x120Gb SATA3 Corsair Force GT Raid-0, 4x1Tb RAID-5, 1x500GB
Display(s) 1x LG 27UD69P (4k), 2x Dell S2340M (1080p)
Case Antec 1200
Audio Device(s) Onboard Realtek® ALC898 8-Channel High Definition Audio
Power Supply Seasonic 1000-watt 80 PLUS Platinum
Mouse Logitech G602
Keyboard Rosewill RK-9100
Software Ubuntu 17.10
Benchmark Scores Benchmarks aren't everything.
#8
If you have a dynamic IP, just disconnect your router and reconnect so it fetches another IP.

There is nothing else you can do on your end to mitigate the attack, as it's overloading your incoming line. You could call your ISP and explain the situation, they can drop all packets from your friend before they enter your line, but this usually also means they'll inform the authorities
If you use a spoofed MAC address on your router and restart your modem, DHCP will automatically get you a new IP. Just restarting the modem won't get you a new IP unless the lease time is incredibly short and more often than not I find that it's an hour or longer (mine is several days,) so the only way for me to force it to give me a new IP is by using a different MAC.

Afterwards you should do what Bo$$ described. You have to make sure it doesn't happen again. :)

You could also tell your router to block incoming ICMP packets, most routers can do this.

Edit:
Here we go, nothing like a user manual to help you out:
icmp.PNG


Enable both highlighted settings and set the packets/s for the ICMP flood filter to 25. That should work nicely.

Now you really can tell him to shove it and do what Bo$$ suggested and you know regardless of the outcome, he won't be doing it again. :)
 
Last edited:

W1zzard

Administrator
Staff member
Joined
May 14, 2004
Messages
17,055 (3.44/day)
Likes
17,957
Processor Core i7-4790K
Memory 16 GB
Video Card(s) GTX 1080
Display(s) 30" 2560x1600 + 19" 1280x1024
Software Windows 7
#9
ICMP flood filter
that wont work, unless your network connection has more bandwidth than the attacker has bandwidth. no matter what you set on the router, packets will still travel from your ISP to your router and congest your line
 
Joined
May 1, 2008
Messages
1,038 (0.30/day)
Likes
564
Location
Frankfurt/Main - Germany
System Name Shaman of Sexy
Processor AMD Phenom II X4 955 BE@4Ghz EK Supreme Block
Motherboard M3A79-T Deluxe Anfi-Tech Waterblocks
Cooling Magicool 360 + 120 + 120 Slim scythe slipped Laing DDC-1/T
Memory 4GB Corsair Dominator CM2X2048-8500C5D
Video Card(s) Sapphire ATI Radeon HD 4870 X2 EK 4870 X2 Block
Storage RAID 0 Seagate
Display(s) Samsung 226BW 22"
Case CoolerMaster Cosmos RC-1000 in mod progress
Audio Device(s) onboard
Power Supply Coba Nitrox 750W
Software Windows 7 Ultimate
Benchmark Scores http://service.futuremark.com/compare?3dmv=1056967
#10
use some tool like "wireshark" to catch the ICMP flood attack by pattern (usually it is mainly same type / size),
match it and drop that packets directly on router via iptables rules set .....
 

W1zzard

Administrator
Staff member
Joined
May 14, 2004
Messages
17,055 (3.44/day)
Likes
17,957
Processor Core i7-4790K
Memory 16 GB
Video Card(s) GTX 1080
Display(s) 30" 2560x1600 + 19" 1280x1024
Software Windows 7
#11
use some tool like "wireshark" to catch the ICMP flood attack by pattern, match it and drop that packets directly on router via iptables rules set .....
see my previous post
 
Joined
May 1, 2008
Messages
1,038 (0.30/day)
Likes
564
Location
Frankfurt/Main - Germany
System Name Shaman of Sexy
Processor AMD Phenom II X4 955 BE@4Ghz EK Supreme Block
Motherboard M3A79-T Deluxe Anfi-Tech Waterblocks
Cooling Magicool 360 + 120 + 120 Slim scythe slipped Laing DDC-1/T
Memory 4GB Corsair Dominator CM2X2048-8500C5D
Video Card(s) Sapphire ATI Radeon HD 4870 X2 EK 4870 X2 Block
Storage RAID 0 Seagate
Display(s) Samsung 226BW 22"
Case CoolerMaster Cosmos RC-1000 in mod progress
Audio Device(s) onboard
Power Supply Coba Nitrox 750W
Software Windows 7 Ultimate
Benchmark Scores http://service.futuremark.com/compare?3dmv=1056967
#12
see my previous post
works m8, done this on DNS Reflection Attack for Anycast..... :)
it drops by rule hex notation in packet header
 
Joined
May 4, 2013
Messages
67 (0.04/day)
Likes
0
#13
Enable both highlighted settings and set the packets/s for the ICMP flood filter to 25. That should work nicely.

Now you really can tell him to shove it and do what Bo$$ suggested and you know regardless of the outcome, he won't be doing it again.

works or not?
 

W1zzard

Administrator
Staff member
Joined
May 14, 2004
Messages
17,055 (3.44/day)
Likes
17,957
Processor Core i7-4790K
Memory 16 GB
Video Card(s) GTX 1080
Display(s) 30" 2560x1600 + 19" 1280x1024
Software Windows 7
#14
works m8, done this on DNS Reflection Attack for Anycast..... :)
it drops by rule hex notation in packet header
it might work on some attacks, but not on a normal icmp flood or any other type of attack that's trying to use up all your incoming bandwidth
 
Joined
Sep 4, 2009
Messages
967 (0.32/day)
Likes
221
System Name El Superbeasto V1.2
Processor Intel i5-2500k @ 5.0 ghz
Motherboard MSI Z77A-GD55
Cooling XSPC Raystorm CPU + 2 RX360 radiator + xspc Razor R9-290 w/ backplate
Memory 16gb G.skill Sniper 1866 ddr3 (9-9-9-24)
Video Card(s) XFX R9 290 w/ XSPC Razor full cover block and backplate
Storage Hyper-X 120gb-OS, WD Caviar black 2TB-Steam, Plextor M5S 256gb - MMOs+RTS games
Display(s) Samsung 23" 120hz 3d LCD w/ 3d glasses, using 'lightboost' trick
Case NZXT H630 white watercooling case
Audio Device(s) Soundblaster ZX + Sennheiser HD 598
Power Supply XFX Pro 850 XXX semi-modular
Software Windows 10 Pro (Had some mystery error on Win7 and decided to go W10)
#16
Call your ISP, call the police. If someone is doing this to you, they are not your friend. Find out the penalties for cybercrimes and inform him that you will take action to stop him.

If you aren't going to do that, then do as Bo$$ suggested.
 

Black Panther

Senior Moderator™
Staff member
Joined
May 30, 2007
Messages
8,957 (2.33/day)
Likes
2,166
System Name Great White Bengal
Processor i7 930 @ 4Ghz
Motherboard Gigabyte GA-X58A-UD3R
Cooling Scythe Yasya
Memory 12GB (3 x 4GB DDR3 Geil Black Dragon)
Video Card(s) Zotac 670 4GB
Storage eSata Seagate 2TB -- 240GB SSD Sandisk Extreme
Display(s) 27" 2560x1440 Dell U2711
Case NZXT Switch 810 White
Audio Device(s) Onboard sound & Z5500 Speakers
Power Supply Corsair 850W Gold
Mouse Asus ROG Sica
Keyboard Motospeed
Software Windows 10
#18
Tell him you're serious about calling the police. A joke for a couple of minutes might be ok, but if he persists...
 
Joined
May 4, 2013
Messages
67 (0.04/day)
Likes
0
#19
By the way, my previous router did not work anymore since the attacks. It affects?
and we are purchase the TP-LINK router from ISPs.
 
Joined
May 13, 2010
Messages
4,422 (1.60/day)
Likes
1,603
System Name RemixedBeast
Processor Intel i5 3570K @ 3.4Ghz
Motherboard ASRock Z77 Pro3
Cooling Coolermaster Hyper 212 Evo
Memory 16GB Corsair XMS3
Video Card(s) EVGA Nvidia GTX 650 Ti SSC 1GB
Storage 1.5TB Seagate/128GB Samsung 840
Display(s) Samsung SyncMaster P2350 23in @ 1920x1080 + LG Flatron 19in Widescreen 1440x900
Case Antec Three Hundred Two
Audio Device(s) Beyerdynamic DT770 Pro 80 // Fiio E7 Amp/DAC
Power Supply 620w Antec High Current Gamer HCG-620M
Mouse Logitech G700s/G502
Keyboard Logitech K740
Software Windows Server 2012 x64 Standard
Benchmark Scores Network: APs: Cisco Meraki MR32, Ubiquiti Unifi AP-AC-LR and Lite, Ligowave NFT-3AC
#20
They are not a good friend
 
Joined
May 14, 2009
Messages
2,132 (0.68/day)
Likes
477
Location
Chicago burbs
System Name Halloween Boo!
Processor Intel Core i7 3770K
Motherboard Gigabyte Z77-Up7
Cooling Custom Water/ Thermalchill TA 120.3/ Swiftech Apogeee XT/ MCP655/ Swiftech M icrores/ XSPC RX 240
Memory 16G G.Skill trident 2400MHz
Video Card(s) 3 x Radeon 7970
Storage OCZ Revo Drive 240G
Display(s) 24 inch Viewsonic
Case Phobia WayCoolIt Test Bench
Power Supply Nexus 1100 watt
#22
Get one of these:



  1. Knock on his door
  2. Quickly pull the trigger on the stun gun
  3. Watch him fall
  4. Go back home and look at your animal porn
 
Joined
May 13, 2010
Messages
4,422 (1.60/day)
Likes
1,603
System Name RemixedBeast
Processor Intel i5 3570K @ 3.4Ghz
Motherboard ASRock Z77 Pro3
Cooling Coolermaster Hyper 212 Evo
Memory 16GB Corsair XMS3
Video Card(s) EVGA Nvidia GTX 650 Ti SSC 1GB
Storage 1.5TB Seagate/128GB Samsung 840
Display(s) Samsung SyncMaster P2350 23in @ 1920x1080 + LG Flatron 19in Widescreen 1440x900
Case Antec Three Hundred Two
Audio Device(s) Beyerdynamic DT770 Pro 80 // Fiio E7 Amp/DAC
Power Supply 620w Antec High Current Gamer HCG-620M
Mouse Logitech G700s/G502
Keyboard Logitech K740
Software Windows Server 2012 x64 Standard
Benchmark Scores Network: APs: Cisco Meraki MR32, Ubiquiti Unifi AP-AC-LR and Lite, Ligowave NFT-3AC
#24
Make your friend get you a new router and pay for your connection for the next few years and also do what Dr. Deathx said
 
Joined
May 4, 2013
Messages
67 (0.04/day)
Likes
0
#25
By the way, my previous router did not work anymore since the attacks. It affects?
and we are purchase the TP-LINK router from ISPs.