Looking for people that know a bunch about IP addresses/MAC addresses/etc

  • Ohaider
    FFR Veteran
    • Jun 2012
    • 2893

    #1

    Looking for people that know a bunch about IP addresses/MAC addresses/etc

    I've looked into it quite a bit and discovered that my router (AT&T U-Verse 2WIRE387), has a dynamic (changes on its own) IP address, but it changes VERY rarely.

    I'm currently needing to change it ASAP, and so far I've looked into it enough to find out that the reason the address rarely changes on its own is because the MAC address needs to be changed in order for the DHCP to render a new IP address.

    I'm currently trying to figure out exactly how to change the MAC address, the farthest I've gotten is downloading SMAC 2.0, but it hasn't proven to be of use.

    I have tried unplugging my modem/router overnight to generate a new IP.
    I've tried contacting AT&T, they were absolutely no help.



    TL;DR:
    I need tips on how to change the IP address or simply the MAC address on an AT&T U-Verse 2WIRE387 router because a DDOS attacker is using my current, nearly static IP address to fuck my connection in the ass, and AT&T isn't helping me.


    Unfortunately I have recently learned that Skype was pretty much MADE for inflicting continuous DDOS attacks through bugs that have been exploited through resolving skype usernames, making it as easy to get a Skype user's IP address as simply knowing their username

    That's exactly what happened to me, an attacker obtained my IP address through Skype resolving and is continuously DDOS attacking me, making my internet connection virtually null
  • qqwref
    stepmania archaeologist
    FFR Simfile Author
    • Aug 2005
    • 4092

    #2
    Re: Looking for people that know a bunch about IP addresses/MAC addresses/etc

    Not sure if this'll help, but:

    From http://forums.att.com/t5/Receivers-B.../td-p/2678533:
    Code:
    There is one method that sometimes works, but it's not guaranteed.
    
    1. Go to the following web page on your 2Wire router:
    
    http://192.168.1.254/xslt?PAGE=C_5_7
    
    This will require you to log in with the 2Wire router's password.
    If you don't have it, it's usually on a white sticker on the side/bottom of the router.
    
    2. Click the Reset button all the way at the bottom that says
    "Reset to Factory Default State".
    
    WARNING: This will erase all configuration in the router, including firewall pinholes,
    static IP assignments, etc.  Write any/all of this information down before you
    do this so that you can put it back later.
    
    3. Look at the lights on the front of the router.  When the router resets, all the
    lights will go out except the power light.  Allow the router to go through this part
    of the reset process.  Eventually, the router will fully reset and will come up to
    where the Broadband light is blinking red.
    
    --> As soon as the Broadband light is blinking red, pull the plug on the router
    to power it off.
    
    4. Leave the router off for about an hour.
    
    5. After an hour, power the router back up and let it come up and sync.
    
    If you're lucky, it will get a new external IP address when it comes back up.
    
    6. If you have any custom firewall or static IP configuration, put it back
    into the router now.
    or:
    Code:
    get a new RG or VRAD port, which will require a service call.
    Another possibility from http://www.avsforum.com/t/1258888/ho...s-with-uverse:
    Code:
    Run cmd.exe
    at the prompt enter ipconfig /all (be sure to enter the space)
    This will give you your current IP address
    enter ipconfig /release
    this will release your current IP address
    enter ipconfig /renew
    this should get you a new IP address
    enter ipconfig /all
    to see what your new IP address is.
    Best AAA: Policy In The Sky [Oni] (81)
    Best SDG: PANTS (86)
    Best FC: Future Invasion (93)


    • choof
      Banned
      FFR Simfile Author
      • Nov 2013
      • 8563

      #3
      Re: Looking for people that know a bunch about IP addresses/MAC addresses/etc

      capture the packets using wireshark, and block icmp packets from your attacker's ip address

      I want to say that if you have proof of a DDOS attack, you can pursue (threaten) legal action, based off RFC 1087 and, more importantly, the Computer Fraud and Abuse Act

      edit: for qqwref's post, the only thing that may help is the second little tidbit, and even then that may not work. the other two renew your DHCP lease, which may change your private ip address (with AT&T, I'll say that using ipconfig in command prompt will get you an ip address of 192.168.xxx.xxx and a subnet mask of 255.255.255.000), but they generally don't change your public ip.
      Last edited by choof; 02-17-2014, 10:58 PM.


      • dAnceguy117
        new hand moves = dab
        FFR Simfile Author
        • Dec 2002
        • 10097

        #4
        Re: Looking for people that know a bunch about IP addresses/MAC addresses/etc

        wtf ninja'd I was about to paste that first quote from qqwref (edit: guess it's no help though.)

        based on the results from those at&t forums, it doesn't sound like it's easy or simple to accomplish. try everything until something works, basically.


        edit: choof, how easy would it be to tell which address(es) are from the attacker? especially if it's actually a DDOS wouldn't there be many?
        Last edited by dAnceguy117; 02-17-2014, 11:00 PM.


        • choof
          Banned
          FFR Simfile Author
          • Nov 2013
          • 8563

          #5
          Re: Looking for people that know a bunch about IP addresses/MAC addresses/etc

          not many people are going to be pinging ohd's public IP haha, if he filters by icmp packets he should be able to find the attacker's address


          • dAnceguy117
            new hand moves = dab
            FFR Simfile Author
            • Dec 2002
            • 10097

            #6
            Re: Looking for people that know a bunch about IP addresses/MAC addresses/etc

            download page for wireshark:
            Wireshark: The world's most popular network protocol analyzer


            quick instructions for ohaider might help. I've only used wireshark once or twice, I have no idea what I'm doing. anyone wanna give it a shot?


            • choof
              Banned
              FFR Simfile Author
              • Nov 2013
              • 8563

              #7
              Re: Looking for people that know a bunch about IP addresses/MAC addresses/etc

              quick instructions since I'm headed to bed soon

              once you open the program, on the left select "Capture Options"
              if you're using wifi/wireless, select Wireless Network Connection. likewise, if you're wired, use Local Area Connection

              unselect promiscuous mode (mfw promiscuous)
              under Capture Filter, type in "icmp"
              hit start, and the screen will change. wait for maybe 30s to a minute, then on the bar at the top, select File -> Export Packet Dissections -> as "Plain Text"
              copy the contents of that plain text file into pastebin and post here; I'll check it out in the morning

              the contents will look something like this
              Code:
              No.     Time           Source                Destination           Protocol Length Info
                    1 0.000000000    184.75.213.250        172.20.102.21         ICMP     146    Destination unreachable (Port unreachable)
              
              Frame 1: 146 bytes on wire (1168 bits), 146 bytes captured (1168 bits) on interface 0
              Ethernet II, Src: Hewlett-_42:d4:81 (2c:41:38:42:d4:81), Dst: Tp-LinkT_8a:a3:a8 (64:66:b3:8a:a3:a8)
                  Destination: Tp-LinkT_8a:a3:a8 (64:66:b3:8a:a3:a8)
                      Address: Tp-LinkT_8a:a3:a8 (64:66:b3:8a:a3:a8)
                      .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
                      .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
                  Source: Hewlett-_42:d4:81 (2c:41:38:42:d4:81)
                      Address: Hewlett-_42:d4:81 (2c:41:38:42:d4:81)
                      .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
                      .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
                  Type: IP (0x0800)
              Internet Protocol Version 4, Src: 184.75.213.250 (184.75.213.250), Dst: 172.20.102.21 (172.20.102.21)
                  Version: 4
                  Header length: 20 bytes
                  Differentiated Services Field: 0x20 (DSCP 0x08: Class Selector 1; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
                  Total Length: 132
                  Identification: 0xdaa3 (55971)
                  Flags: 0x00
                  Fragment offset: 0
                  Time to live: 50
                  Protocol: ICMP (1)
                  Header checksum: 0x0d46 [correct]
                  Source: 184.75.213.250 (184.75.213.250)
                  Destination: 172.20.102.21 (172.20.102.21)
                  [Source GeoIP: Unknown]
                  [Destination GeoIP: Unknown]
              Internet Control Message Protocol

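Added example (not part of any post in this thread): a Python sketch that tallies inbound ICMP by source from a Wireshark "Plain Text" export like the one above, which also addresses the question of what to do when many addresses show up. It separates echo requests (actual pings) from ICMP errors such as the "Destination unreachable (Port unreachable)" packet in the sample, which is an error a host returns about a packet it received, not a ping. The sample capture, its documentation-range addresses, and the names `inbound_icmp` and `top_pingers` are constructed for illustration; `local_ip` is assumed to be the address of the capturing interface.

```python
import re
from collections import Counter

# One packet summary row of a Wireshark "Plain Text" export:
# No.  Time  Source  Destination  Protocol  Length  Info
SUMMARY = re.compile(
    r"^\s*\d+\s+\d+\.\d+\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+"
    r"(?P<proto>\S+)\s+\d+\s+(?P<info>.*)$"
)

# Info-column prefixes Wireshark prints for the ICMP kinds of interest.
KINDS = (
    ("Echo (ping) request", "echo-request"),
    ("Echo (ping) reply", "echo-reply"),
    ("Destination unreachable", "dest-unreachable"),
)

def classify(info):
    for prefix, kind in KINDS:
        if info.startswith(prefix):
            return kind
    return "other"

def inbound_icmp(export_text, local_ip):
    """Count ICMP packets addressed to local_ip, keyed by (source, kind)."""
    counts = Counter()
    for line in export_text.splitlines():
        m = SUMMARY.match(line)  # detail lines ("Frame 1: ...") do not match
        if m and m["proto"] == "ICMP" and m["dst"] == local_ip:
            counts[(m["src"], classify(m["info"]))] += 1
    return counts

def top_pingers(export_text, local_ip, n=5):
    """Rank sources by inbound echo requests only; errors and replies
    are responses to other traffic, not pings."""
    per_src = Counter()
    for (src, kind), count in inbound_icmp(export_text, local_ip).items():
        if kind == "echo-request":
            per_src[src] += count
    return per_src.most_common(n)

# Constructed sample capture (RFC 5737 documentation addresses).
SAMPLE = """\
No.     Time           Source                Destination           Protocol Length Info
      1 0.000000000    203.0.113.7           192.168.1.64          ICMP     98     Echo (ping) request  id=0x0001, seq=1/256, ttl=50
Frame 1: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on interface 0
      2 0.000105000    192.168.1.64          203.0.113.7           ICMP     98     Echo (ping) reply    id=0x0001, seq=1/256, ttl=64
      3 0.010231000    203.0.113.7           192.168.1.64          ICMP     98     Echo (ping) request  id=0x0001, seq=2/512, ttl=50
      4 0.020417000    198.51.100.23         192.168.1.64          ICMP     146    Destination unreachable (Port unreachable)
      5 0.031002000    203.0.113.99          192.168.1.64          ICMP     98     Echo (ping) request  id=0x0002, seq=1/256, ttl=47
"""

if __name__ == "__main__":
    for src, count in top_pingers(SAMPLE, "192.168.1.64"):
        print(f"{src}\t{count} echo requests")
```

A source that appears only under `dest-unreachable` or `echo-reply` is answering traffic rather than pinging, so it should not go on a block list on the strength of this capture alone.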

              • arcnmx
                nanodesu~
                • Jan 2013
                • 503

                #8
                Re: Looking for people that know a bunch about IP addresses/MAC addresses/etc

                Well, I should mention that things like SMAC only change your computer's MAC, which doesn't matter at all in this case. You'll need to change your router's, which you're likely only going to be able to do with the router's web control panel if it's even possible.

                If it's not possible, dunno. You might be able to manually release your dhcp lease and then leave it disconnected for a few days? Either that or hope it has a passthrough/modem mode and use a different router instead. Or install alternate firmware... In the end I would suggest maybe calling your ISP and see if they can help?


                FMO AAAs (1): Within Life :: FGO AAAs (1): Einstein-Rosen Bridge


                • RNGRX
                  FFR Veteran
                  • Oct 2006
                  • 683

                  #9
                  Re: Looking for people that know a bunch about IP addresses/MAC addresses/etc

                  A MAC address is unique to the router. It is pretty much a physical address rather than a logical one. In order to change your MAC address you would need to buy a new router. You will be unable to get a new IP address because your ISP only gives you one. There are private and public IP addresses. DHCP assigns private IP addresses. Network Address Translation translates all the private IP addresses on your network into the one public IP address that your ISP has assigned you. The public address is the one everyone sees you as. You could get a new IP address by switching providers. Post some stuff if you want to know anything else.

                  Source: I'm studying networking in school.
                  Last edited by RNGRX; 02-18-2014, 11:45 AM.


                  • choof
                    Banned
                    FFR Simfile Author
                    • Nov 2013
                    • 8563

                    #10
                    Re: Looking for people that know a bunch about IP addresses/MAC addresses/etc

                    you can change your mac address through packet spoofing, although there's really no need to do so unless you're traveling through a switch... or trying to do naughty things


                    • arcnmx
                      nanodesu~
                      • Jan 2013
                      • 503

                      #11
                      Re: Looking for people that know a bunch about IP addresses/MAC addresses/etc

                      Originally posted by RNGRX
                      A MAC address is unique to the router. It is pretty much a physical address rather than a logical one. In order to change your MAC address you would need to buy a new router. You will be unable to get a new IP address because your ISP only gives you one. There are private and public IP addresses. DHCP assigns private IP addresses. Network Address Translation translates all the private IP addresses on your network into the one public IP address that your ISP has assigned you. The public address is the one everyone sees you as. You could get a new IP address by switching providers. Post some stuff if you want to know anything else.

                      Source: I'm studying networking in school.
                      Eh, although you often can't physically change your MAC address, it can be spoofed temporarily, and if an OS applies it on startup then it's effectively the same thing. Routers often give you the ability to do that, though I'm not sure I'd expect it from an ISP-branded router that may have a custom/locked-down control interface. Also, many ISPs use DHCP to provide your public IP - PPPoE is more common for DSL though.

                      Originally posted by choof
                      you can change your mac address through packet spoofing, although there's really no need to do so unless you're traveling through a switch... or trying to do naughty things
                      Hey now, forcing your ISP to give you a different IP (or spoofing an old router's address to get your old IP back) is a common legitimate use case for spoofing a mac address :P
                      Last edited by arcnmx; 02-18-2014, 04:15 PM.


                      FMO AAAs (1): Within Life :: FGO AAAs (1): Einstein-Rosen Bridge


                      • Ohaider
                        FFR Veteran
                        • Jun 2012
                        • 2893

                        #12
                        Re: Looking for people that know a bunch about IP addresses/MAC addresses/etc

                        Thanks for the great info, definitely gonna study all this stuff up
                        @ choof, I have the name of the guy DDOS attacking because he was so kind as to tell me he was doing it over and over again haha, that's when I began researching only to find out how easy it is to do over skype. honestly surprised it hasn't happened till now

                        edit: he's apparently pretty notorious for it among the little group of mutual friends we have over skype
                        internet bully oh no

                        double edit: I contacted AT&T and they told me it's virtually impossible for them to just give me a new IP manually (reasonable), but told me resetting my router for 15 seconds should do the trick... No results
                        Last edited by Ohaider; 02-18-2014, 10:43 PM.


                        • choof
                          Banned
                          FFR Simfile Author
                          • Nov 2013
                          • 8563

                          #13
                          Re: Looking for people that know a bunch about IP addresses/MAC addresses/etc

                          most internet providers have a tiered support system, the people you spoke to are probably bottom of the food chain and are reading from a script

                          it's not "virtually impossible," it's just that it can be tedious to give someone a new ip on their side


                          • choof
                            Banned
                            FFR Simfile Author
                            • Nov 2013
                            • 8563

                            #14
                            Re: Looking for people that know a bunch about IP addresses/MAC addresses/etc

                            Originally posted by arcnmx


                            Hey now, forcing your ISP to give you a different IP (or spoofing an old router's address to get your old IP back) is a common legitimate use case for spoofing a mac address :P
                            I thought that since you went through a router to get to your ISP, a mac address wouldn't affect anything?

                            edit: oops nevermind, I thought we were changing the mac of ohd's (wireless)nic and not the router. disregard !!


                            • RNGRX
                              FFR Veteran
                              • Oct 2006
                              • 683

                              #15
                              Re: Looking for people that know a bunch about IP addresses/MAC addresses/etc

                              +1 for using affect/effect correctly.
