Hey all, been reading the posts for about a month now and I'd like to thank OTW and a few others I can't remember now for your help. I'm a visual kind of guy and prefer the finished product to analyze it to learn. I have a question. Is there a way to back trace a DoS/DDoS when I'm pretty sure it's a botnet (multiple IPs from multiple locations, but usually the same 3-4)? My stepson has caused some trouble via Garry's Mod and it's affecting all of us. Please help.

A botnet, you say? Well then it's fairly impossible to trace it back to a specific IP address/location. Even when it isn't a botnet you may still not find out the IP address of the attacker, because there is something named IP spoofing. But looking at the situation, you are just being attacked by a script kiddie who doesn't even know how to spoof his IP address. You can try using a sniffer on your network to see where the huge amount of traffic is coming from. I am pretty sure there are tutorials here on Null Byte about sniffers. Just search for "Network Sniffing" or "Wireshark".

Also, with my ISP, I can just call them and tell them I'm under a DDoS attack and then they change my IP address. Perhaps your ISP could do the same?

Good luck with the hunt!


Yeah, I'm over in AUS and it will cost me 90 dollars to change my IP. Bogus, I know. I use Wireshark and that's how I know I'm getting UDP flooded.

What I would do in your case is just unplug your router during the night (+/- 6 hours). This will constantly show your IP address as offline to the attacker(s), making them think they took you down. So when they think they got rid of you, they will move on. Then, after "the storm is over", just plug your router in again and the attackers will be gone. And if you have a dynamic IP address, your IP address will most likely change.

Hope I helped.


P.S. I would keep the .pcap from Wireshark, so you can investigate it later.

Pcap is the default file format of Wireshark.
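The two suggestions above, sniffing to see where the traffic comes from and keeping the .pcap for later analysis, can be combined into a small script that ranks UDP sources by packet rate. This is an added example for this thread, not code from any of the posters. It assumes the capture was first exported to CSV with `tshark -r capture.pcap -T fields -E separator=, -e frame.time_epoch -e ip.src -e ip.dst -e ip.proto -e udp.dstport -e frame.len`; the sample lines below are constructed to mimic that output, the function names are my own, and every address is from the RFC 5737 documentation ranges rather than a real host. The `persistent_sources` helper covers the OP's observation that the same 3-4 addresses keep showing up across attacks, which is the list worth handing to the ISP.

```python
"""Rank the sources of a UDP flood from a tshark field export.

Added example (not from the original thread). Assumes a CSV produced by:
  tshark -r capture.pcap -T fields -E separator=, \
      -e frame.time_epoch -e ip.src -e ip.dst -e ip.proto -e udp.dstport -e frame.len
The sample data below is constructed; all addresses are RFC 5737 ranges.
"""
from collections import defaultdict

UDP = 17  # ip.proto value for UDP


def build_sample_export():
    """Constructed sample: three sources each sending 200 UDP packets in ~10 s
    to a game-server port, one quiet legitimate client, and a single TCP
    packet whose udp.dstport field tshark leaves blank."""
    base = 1700000000.0
    lines = []
    for i in range(200):
        for src in ("192.0.2.10", "192.0.2.11", "198.51.100.7"):
            lines.append(f"{base + i * 0.05:.3f},{src},203.0.113.5,17,27015,1024")
    for i in range(5):
        lines.append(f"{base + i * 2:.3f},198.51.100.20,203.0.113.5,17,27015,128")
    lines.append(f"{base:.3f},198.51.100.20,203.0.113.5,6,,60")
    return "\n".join(lines)


SAMPLE_EXPORT = build_sample_export()


def parse_export(text):
    """Turn tshark CSV lines into dicts; blank or malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 6 or not parts[0]:
            continue
        ts, src, dst, proto, dport, length = parts
        records.append({
            "ts": float(ts),
            "src": src,
            "dst": dst,
            "proto": int(proto),
            "dport": int(dport) if dport else None,  # blank for non-UDP packets
            "len": int(length),
        })
    return records


def udp_flood_sources(records, pps_threshold):
    """Per-source UDP packet rate over the capture window, keeping only sources
    at or above pps_threshold. Returns (src, pps, packets, bytes) rows sorted
    by rate, highest first."""
    udp = [r for r in records if r["proto"] == UDP]
    if not udp:
        return []
    window = max(r["ts"] for r in udp) - min(r["ts"] for r in udp)
    window = max(window, 1.0)  # a one-packet capture has zero span; avoid /0
    packets = defaultdict(int)
    nbytes = defaultdict(int)
    for r in udp:
        packets[r["src"]] += 1
        nbytes[r["src"]] += r["len"]
    flagged = [
        (src, packets[src] / window, packets[src], nbytes[src])
        for src in packets
        if packets[src] / window >= pps_threshold
    ]
    return sorted(flagged, key=lambda row: row[1], reverse=True)


def persistent_sources(flagged_per_capture):
    """Addresses flagged in every capture of a series: the repeat offenders
    across several attacks, which is the useful list for an ISP abuse report."""
    sets = [{src for src, *_ in rows} for rows in flagged_per_capture]
    return set.intersection(*sets) if sets else set()


if __name__ == "__main__":
    rows = udp_flood_sources(parse_export(SAMPLE_EXPORT), pps_threshold=10.0)
    for src, pps, pkts, nb in rows:
        print(f"{src:16} {pps:7.1f} pkt/s  {pkts:6d} pkts  {nb:9d} bytes")
```

The threshold is deliberately a parameter: a game server legitimately receives a steady trickle of UDP from each player, so pick a rate well above what one client produces in your own quiet captures, and compare flagged lists from several separate attacks before treating an address as a persistent source.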

