|
|
Thread Tools | Display Modes |
02-17-2014, 11:20 PM | #1 |
FFR Veteran
Join Date: Jun 2012
Age: 28
Posts: 2,893
|
Looking for people that know a bunch about IP addresses/MAC addresses/etc
I've looked into it quite a bit and discovered that my router (AT&T U-Verse 2WIRE387), has a dynamic (changes on its own) IP address, but it changes VERY rarely.
I'm currently needing to change it ASAP, and so far i've looked into it enough to find out that the reason the address rarely changes on its own is because the MAC address needs to be changed in order for the DHCP to render a new IP address I'm currently trying to figure out exactly how to change the MAC address, the farthest i've gotten is downloading SMAC 2.0, but it hasn't proven to be of use. I have tried unplugging my modem/router overnight to generate a new IP I've tried contacting AT&T, they were absolutely no help TL;DR: I need tips on how to change the IP address or simply the MAC address on an AT&T U-Verse 2WIRE387 router because a DDOS attacker is using my current, nearly static IP address to fuck my connection in the ass, and AT&T isn't helping me.
__________________
|
02-17-2014, 11:53 PM | #2 |
stepmania archaeologist
Join Date: Aug 2005
Age: 34
Posts: 4,090
|
Re: Looking for people that know a bunch about IP addresses/MAC addresses/etc
Not sure if this'll help, but:
__________________
Best AAA: Policy In The Sky [Oni] (81) Best SDG: PANTS (86) Best FC: Future Invasion (93) |
02-17-2014, 11:54 PM | #3 |
Banned
Join Date: Nov 2013
Posts: 8,563
|
Re: Looking for people that know a bunch about IP addresses/MAC addresses/etc
capture the packets using wireshark, and block icmp packets from your attacker's ip address
I want to say that if you have proof of a DDOS attack, you can pursue (threaten) legal action, based off RFC 1087 and, more importantly, the Computer Fraud and Abuse act edit: for qqwref's post, the only thing that may help is the second little tidbit, and even then that may not work. the other two renew your DHCP lease, which may change your private ip address (with AT&T, I'll say that using ipconfig in command prompt will get you an ip address of 192.168.xxx.xxx and a subnet mask of 255.255.255.000), but they generally don't change your public ip. Last edited by choof; 02-17-2014 at 11:58 PM.. |
02-17-2014, 11:56 PM | #4 |
new hand moves = dab
Join Date: Dec 2002
Location: he/they
Age: 33
Posts: 10,094
|
Re: Looking for people that know a bunch about IP addresses/MAC addresses/etc
wtf ninja'd I was about to paste that first quote from qqwref (edit: guess it's no help though.)
based on the results from those at&t forums, it doesn't sound like it's easy or simple to accomplish. try everything until something works, basically. edit: choof, how easy would it be to tell which address(es) are from the attacker? especially if it's actually a DDOS wouldn't there be many? Last edited by dAnceguy117; 02-18-2014 at 12:00 AM.. |
02-17-2014, 11:59 PM | #5 |
Banned
Join Date: Nov 2013
Posts: 8,563
|
Re: Looking for people that know a bunch about IP addresses/MAC addresses/etc
not many people are going to be pinging ohd's public IP haha, if he filters by icmp packets he should be able to find the attacker's address
|
02-18-2014, 12:04 AM | #6 |
new hand moves = dab
Join Date: Dec 2002
Location: he/they
Age: 33
Posts: 10,094
|
Re: Looking for people that know a bunch about IP addresses/MAC addresses/etc
download page for wireshark:
http://www.wireshark.org/download.html quick instructions for ohaider might help. I've only used wireshark once or twice, I have no idea what I'm doing. anyone wanna give it a shot? |
02-18-2014, 12:17 AM | #7 |
Banned
Join Date: Nov 2013
Posts: 8,563
|
Re: Looking for people that know a bunch about IP addresses/MAC addresses/etc
quick instructions since I'm headed to bed soon
once you open the program, on the left select "Capture Options" if you're using wifi/wireless, select Wireless Network Connection. likewise, if you're wired, use Local Area Connection unselect promiscuous mode (mfw promiscuous) under Capture Filter, type in "icmp" hit start, and the screen will change. wait for maybe 30s to a minute, then on the bar at the top, select File -> Export Packet Dissections -> as "Plain Text" copy the contents of that plain text file into pastebin and post here; I'll check it out in the morning the contents will look something like this Code:
No. Time Source Destination Protocol Length Info 1 0.000000000 184.75.213.250 172.20.102.21 ICMP 146 Destination unreachable (Port unreachable) Frame 1: 146 bytes on wire (1168 bits), 146 bytes captured (1168 bits) on interface 0 Ethernet II, Src: Hewlett-_42:d4:81 (2c:41:38:42:d4:81), Dst: Tp-LinkT_8a:a3:a8 (64:66:b3:8a:a3:a8) Destination: Tp-LinkT_8a:a3:a8 (64:66:b3:8a:a3:a8) Address: Tp-LinkT_8a:a3:a8 (64:66:b3:8a:a3:a8) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Hewlett-_42:d4:81 (2c:41:38:42:d4:81) Address: Hewlett-_42:d4:81 (2c:41:38:42:d4:81) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Internet Protocol Version 4, Src: 184.75.213.250 (184.75.213.250), Dst: 172.20.102.21 (172.20.102.21) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x20 (DSCP 0x08: Class Selector 1; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) Total Length: 132 Identification: 0xdaa3 (55971) Flags: 0x00 Fragment offset: 0 Time to live: 50 Protocol: ICMP (1) Header checksum: 0x0d46 [correct] Source: 184.75.213.250 (184.75.213.250) Destination: 172.20.102.21 (172.20.102.21) [Source GeoIP: Unknown] [Destination GeoIP: Unknown] Internet Control Message Protocol |
02-18-2014, 12:30 AM | #8 |
nanodesu~
|
Re: Looking for people that know a bunch about IP addresses/MAC addresses/etc
Well, I should mention that things like SMAC only change your computer's MAC, which doesn't matter at all in this case. You'll need to change your router's, which you're likely only going to be able to do with the router's web control panel if it's even possible.
If it's not possible, dunno. You might be able to manually release your dhcp lease and then leave it disconnected for a few days? Either that or hope it has a passthrough/modem mode and use a different router instead. Or install alternate firmware... In the end I would suggest maybe calling your ISP and see if they can help?
__________________
FMO AAAs (1): Within Life :: FGO AAAs (1): Einstein-Rosen Bridge |
02-18-2014, 12:25 PM | #9 |
FFR Veteran
Join Date: Oct 2006
Posts: 683
|
Re: Looking for people that know a bunch about IP addresses/MAC addresses/etc
A MAC address is unique to to router. It is pretty much a physical address rather than a logical one. In order to change your MAC address you would need to buy a new router. You will be unable to get a new IP address because your ISP only gives you one . There are private and public IP addresses. DHCP assigns private IP addresses. Network Address Translation translates all the private IP addresses on your network into the one public IP address that your ISP has assigned you. The public address is the one everyone sees you as. You could get a new IP address by switching providers. Post some stuff if you want to know anything else.
Source: I'm studying networking in school. Last edited by RNGRX; 02-18-2014 at 12:45 PM.. |
02-18-2014, 12:52 PM | #10 |
Banned
Join Date: Nov 2013
Posts: 8,563
|
Re: Looking for people that know a bunch about IP addresses/MAC addresses/etc
you can change your mac address through packet spoofing, although there's really no need to do so unless you're traveling through a switch... or trying to do naughty things
|
02-18-2014, 05:12 PM | #11 | |
nanodesu~
|
Re: Looking for people that know a bunch about IP addresses/MAC addresses/etc
Quote:
Hey now, forcing your ISP to give you a different IP (or spoofing an old router's address to get your old IP back) is a common legitimate use case for spoofing a mac address :P
__________________
FMO AAAs (1): Within Life :: FGO AAAs (1): Einstein-Rosen Bridge Last edited by arcnmx; 02-18-2014 at 05:15 PM.. |
|
02-18-2014, 10:00 PM | #12 |
FFR Veteran
Join Date: Jun 2012
Age: 28
Posts: 2,893
|
Re: Looking for people that know a bunch about IP addresses/MAC addresses/etc
Thanks for the great info, definitely gonna study all this stuff up
@ choof, i have the name of the guy DDOS attacking because he was so kind as to tell me he was doing it over and over again haha, that's when i began researching only to find out how easy it is to do over skype. honestly surprised it hasn't happened till now edit: he's appearently pretty notorious for it among the little group of mutual friends we have over skype internet bully oh no double edit: I contacted AT&T and they told me it's virtually impossible for them to just give me a new IP manually (reasonable), but told me resetting my router for 15 seconds should do the trick... No results Last edited by Ohaider; 02-18-2014 at 11:43 PM.. |
02-19-2014, 07:06 PM | #13 |
Banned
Join Date: Nov 2013
Posts: 8,563
|
Re: Looking for people that know a bunch about IP addresses/MAC addresses/etc
most internet providers have a tiered support system, the people you spoke to are probably bottom of the food chain and are reading from a script
it's not "virtually impossible," it's just that it can be tedious to give someone a new ip on their side |
02-21-2014, 06:25 PM | #14 | |
Banned
Join Date: Nov 2013
Posts: 8,563
|
Re: Looking for people that know a bunch about IP addresses/MAC addresses/etc
Quote:
edit: oops nevermind, I thought we were changing the mac of ohd's (wireless)nic and not the router. disregard !! |
|
02-22-2014, 02:15 AM | #15 |
FFR Veteran
Join Date: Oct 2006
Posts: 683
|
Re: Looking for people that know a bunch about IP addresses/MAC addresses/etc
+1 for using affect/effect correctly.
|
02-22-2014, 12:32 PM | #16 | |
D6 Challeneged
Join Date: Aug 2012
Age: 31
Posts: 1,267
|
Re: Looking for people that know a bunch about IP addresses/MAC addresses/etc
I've been getting ddosed on and off for about 6 months as well, I just un plug my router and go to sleep. And in the event I get a root attacker IP that I'm certain of I whois it then contact the abuse email of the isp that IP is under, usually they get cut off from the net, or legal action ensues without me having to do anything but send an email.
Quote:
Last edited by Untimely Friction; 02-22-2014 at 12:35 PM.. |
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
|
|