- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I recently had FiOS installed in my home a few days ago and so far I am very satisfied with the service, except for one thing which I'm not too sure about. So I like to play online games, and unfortunately there are no shortage of users in online games who will use packet sniffing software to find your IP address and use this to send DDoS attacks to your internet connection when you are winning against them, causing your internet to disconnect, which is an unpleasant experience to be on the receiving end of, to say the least. Unfortunately this has happened to me many times, however when I had cable internet with Optimum, getting a new WAN IP address was as easy as cloning the router's MAC address to something else, and then bam, new IP. I tried this same process after switching to FiOS, but it doesn't seem to work, and I keep getting assigned the same WAN IP. I have been searching around the internet looking for a working method to accomplish this with FiOS, and here is what I have found: release DHCP lease, wait 5-15 minutes, renew DHCP lease (didn't work), release DHCP lease, clone MAC, wait 5-15 minutes, renew DHCP lease (also didn't work). If anyone knows a current way to change your WAN IP Address on FiOS that works in 2020, please do reply below, as I have been scared to play any games online since I got FiOS because if I become the target of a DDoS attack again I don't have a reliable way to pick up a new WAN IP.
Thanks
I'm using the Ubiquiti EdgeRouter X with the black Verizon ONT model I-211M-L
Solved! Go to Correct Answer
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
One thing you may want to do is disable the UPnP feature in your router, if it's turned on. Although on Consoles this increases your NAT Type to Moderate NAT or NAT Type 2, it helps to lessen the number of connections you're making to other peers in a lobby or game. Voice calls will still be transmitted through "Peer to Peer" unless the console has gained an ability to use a Relay server. Relay servers are something to look into.
Something else which helps is ensuring your Public IP isn't allowing pings. By default, the FiOS routers should be set with the Firewall set to "Low" which will stop ICMP pings.
Beyond that, if you know who is attacking, report them to the online service (XBL, PSN, Steam, etc) for initiating denial of service attacks. This goes against laws like The Computer Fraud and Abuse Act, and is also against the Terms of Service of any reputable ISP, whether it's Verizon, Xfinity, AT&T, Spectrum, etc. Players engaging in activities like that can certainly get their Internet access disconnected, and can also get their accounts disabled or banned. It doesn't matter how good they are in Call of Duty.
As for changing the FiOS IP address, you would need to change the MAC Address that Verizon sees to get a different IP address, or you'll need to leave your router off for several hours and pray someone else claims your former IP address. Generally, changing IP addresses just shifts the problem to someone else if it's a sustained attack, and really shouldn't be done (IMO).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I just tried MAC cloning and it worked for me. Only thing different I did was disable my router's WAN interface before changing the MAC address. I am using a Asus RT-AC1900P. What model router are you using?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm using a Ubiquiti EdgeRouter X, not sure how I can disable the WAN interface on there. Did you release your DHCP before disabling WAN interface?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
One thing you may want to do is disable the UPnP feature in your router, if it's turned on. Although on Consoles this increases your NAT Type to Moderate NAT or NAT Type 2, it helps to lessen the number of connections you're making to other peers in a lobby or game. Voice calls will still be transmitted through "Peer to Peer" unless the console has gained an ability to use a Relay server. Relay servers are something to look into.
Something else which helps is ensuring your Public IP isn't allowing pings. By default, the FiOS routers should be set with the Firewall set to "Low" which will stop ICMP pings.
Beyond that, if you know who is attacking, report them to the online service (XBL, PSN, Steam, etc) for initiating denial of service attacks. This goes against laws like The Computer Fraud and Abuse Act, and is also against the Terms of Service of any reputable ISP, whether it's Verizon, Xfinity, AT&T, Spectrum, etc. Players engaging in activities like that can certainly get their Internet access disconnected, and can also get their accounts disabled or banned. It doesn't matter how good they are in Call of Duty.
As for changing the FiOS IP address, you would need to change the MAC Address that Verizon sees to get a different IP address, or you'll need to leave your router off for several hours and pray someone else claims your former IP address. Generally, changing IP addresses just shifts the problem to someone else if it's a sustained attack, and really shouldn't be done (IMO).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the suggestions, but the EdgeRouter X by default comes with no uPnP installed by default, unlike most other routers you have to go out of your way to turn it on rather than to turn it off, it also blocks ICMP on the WAN port by default. The router's firewall also doesn't have any open ports, but unfortunately, as far as I'm aware, once the packets from a DDoS attack make it to the target's router, the internet will go offline regardless of any firewall rules the router may have, unless it's some sort of expensive on-premises DDoS mitigation box.
I have tried running a packet capture on my router's WAN interface while the attacks are running in order to submit abuse reports to the network sending the DDoS, but the source IP addresses that I see hitting my router are either a completely different, seemingly randomly generated source IP in each packet, or it says something like 1.1.1.1 or 8.8.8.8 which leads me to believe that most of these attacks are sent with spoofed UDP packets.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Any rhyme or rhythm to what port they're using for inbound traffic? I've seen an awful lot of people using CLDAP reflection to take down connections. NTP and UDP DNS are another. One of my business clients had an attack from 28,000 IPs once, and that was fun to deal with, as it was on a Static IP. I sent a good number of Cease and Desist notices especially to Microsoft Azure. Doubt they'll do anything to make sure the Windows Server instances aren't exposing abusable services to the Internet..,
On the EdgeRouter, use this command via SSH: set interfaces ethernet <interface> <macaddress> . Make up a MAC address that is unique but valid (aka don't clone from your network). Any character from A-F and 0-9 can be used. You can simply unplug the Ethernet cable while you make this change as this will "down" the port. Run commit-confirm 15 when done, and type Yes at the prompt. If you need to identify which interface your WAN connection is on, use show interfaces at the command prompt when you are not in Configure mode.
Reconnect your Ethernet cable providing the WAN connection then confirm your IP has changed. If it has, run confirm then save to confirm your changes and save the config changes.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Usually the inbound traffic is hitting UDP 80 or 443, sometimes it's hitting the port used for online game connections, sometimes even a different port with every packet.
Regarding the MAC address cloning I'm not sure if I'm doing something wrong or maybe if I need to wait a certain amount of time between plugging out the ethernet cable, changing the MAC, and plugging it back in, as every time it gives me the same IP address I had before. Oddly I tried the same thing two nights ago and it worked, I just can't seem to be able to reproduce that result though. I'm positive that I'm committing all the changes and that I'm editing the MAC of my WAN (eth0) interface, so I'm not sure what else it is that I'm missing here.