XSChris

Actually just change your mac address on your router to whichever you like, I just copy address from the PC I'm on and edit a few values.

Most if not all dynamic IP cable ISP's should provide you with a new IP.

thats what 3 steps?

1) Login to router admin panel

2) Go to page to change mac address of the routers uplink interface, do it to your liking

3) Reboot modem and router to get new IP address

Your modem will grab the new mac and issue another IP most likely, atleast on Charter this works great and on a few other ISP's I know of, if you change the mac addy enough it'll change quite dramatically.

I've also found Charter gives you same dynamic IP for months or till you change mac addy.

Went to store, came back, carefully setup DDoS blocking (If you just go wild on firewall scripts you'll just lock up the networking.

188.72.211.39 # lfd: 5 (sshd) login failures from 188.72.211.39 (DE/Germany/188-72-211-39.local) in the last 300 secs - Wed Aug  4 23:00:14 2010
76.2.158.240 # lfd: (CT) IP 76.2.158.240 (US/United States/nv-76-2-158-240.dhcp.embarqhsd.net) found to have 721 connections - Wed Aug  4 23:40:09 2010
75.167.207.105 # lfd: (CT) IP 75.167.207.105 (US/United States/-) found to have 607 connections - Wed Aug  4 23:40:11 2010
76.99.109.124 # lfd: (CT) IP 76.99.109.124 (US/United States/-) found to have 883 connections - Wed Aug  4 23:40:22 2010
69.233.137.145 # lfd: (CT) IP 69.233.137.145 (US/United States/ppp-69-233-137-145.dsl.irvnca.pacbell.net) found to have 807 connections - Wed Aug  4 23:40:33 2010
68.8.207.173 # lfd: (CT) IP 68.8.207.173 (US/United States/ip68-8-207-173.sd.sd.cox.net) found to have 668 connections - Wed Aug  4 23:40:51 2010
71.75.167.46 # lfd: (CT) IP 71.75.167.46 (US/United States/-) found to have 922 connections - Wed Aug  4 23:41:02 2010
69.231.72.52 # lfd: (CT) IP 69.231.72.52 (US/United States/adsl-69-231-72-52.dsl.irvnca.pacbell.net) found to have 264 connections - Wed Aug  4 23:41:05 2010
71.23.181.126 # lfd: (CT) IP 71.23.181.126 (US/United States/71-23-181-126.chi.clearwire-wmx.net) found to have 853 connections - Wed Aug  4 23:41:32 2010
24.5.24.171 # lfd: (CT) IP 24.5.24.171 (US/United States/-) found to have 511 connections - Wed Aug  4 23:41:49 2010
24.26.241.76 # lfd: (CT) IP 24.26.241.76 (US/United States/-) found to have 1034 connections - Wed Aug  4 23:42:19 2010
99.23.162.32 # lfd: (CT) IP 99.23.162.32 (US/United States/-) found to have 228 connections - Thu Aug  5 00:22:50 2010
70.76.98.58 # lfd: (CT) IP 70.76.98.58 (CA/Canada/s0106001346cd70ad.tb.shawcable.net) found to have 852 connections - Thu Aug  5 00:22:50 2010
184.56.224.10 # lfd: (CT) IP 184.56.224.10 (-/-/cpe-184-56-224-10.neo.res.rr.com) found to have 800 connections - Thu Aug  5 00:22:55 2010
173.26.31.74 # lfd: (CT) IP 173.26.31.74 (US/United States/173-26-31-74.client.mchsi.com) found to have 1120 connections - Thu Aug  5 00:22:56 2010
216.70.3.154 # lfd: (CT) IP 216.70.3.154 (US/United States/-) found to have 1028 connections - Thu Aug  5 00:22:57 2010
71.9.192.253 # lfd: (CT) IP 71.9.192.253 (US/United States/-) found to have 114 connections - Thu Aug  5 00:22:58 2010
58.7.155.161 # lfd: (CT) IP 58.7.155.161 (AU/Australia/dsl-58-7-155-161.wa.westnet.com.au) found to have 737 connections - Thu Aug  5 00:23:00 2010
24.205.242.119 # lfd: (CT) IP 24.205.242.119 (US/United States/24-205-242-119.dhcp.gvrb.ca.charter.com) found to have 831 connections - Thu Aug  5 00:23:00 2010
97.118.228.33 # lfd: (CT) IP 97.118.228.33 (US/United States/97-118-228-33.hlrn.qwest.net) found to have 910 connections - Thu Aug  5 00:23:01 2010
80.217.207.140 # lfd: (CT) IP 80.217.207.140 (SE/Sweden/c80-217-207-140.bredband.comhem.se) found to have 1086 connections - Thu Aug  5 00:23:02 2010
74.65.91.230 # lfd: (CT) IP 74.65.91.230 (US/United States/cpe-74-65-91-230.stny.res.rr.com) found to have 1040 connections - Thu Aug  5 00:23:03 2010
86.24.22.118 # lfd: (CT) IP 86.24.22.118 (GB/United Kingdom/client-86-24-22-118.midd.adsl.tesco.net) found to have 898 connections - Thu Aug  5 00:23:04 2010
98.171.179.149 # lfd: (CT) IP 98.171.179.149 (US/United States/ip98-171-179-149.sb.sd.cox.net) found to have 792 connections - Thu Aug  5 00:23:05 2010
71.75.101.165 # lfd: (CT) IP 71.75.101.165 (US/United States/cpe-071-075-101-165.carolina.res.rr.com) found to have 864 connections - Thu Aug  5 00:23:08 2010
65.185.170.92 # lfd: (CT) IP 65.185.170.92 (US/United States/cpe-65-185-170-92.neo.res.rr.com) found to have 861 connections - Thu Aug  5 00:23:09 2010
220.236.249.143 # lfd: (CT) IP 220.236.249.143 (AU/Australia/d220-236-249-143.dsl.nsw.optusnet.com.au) found to have 721 connections - Thu Aug  5 00:23:10 2010
175.144.244.115 # lfd: (CT) IP 175.144.244.115 (-/-/-) found to have 926 connections - Thu Aug  5 00:23:11 2010
173.19.110.173 # lfd: (CT) IP 173.19.110.173 (US/United States/173-19-110-173.client.mchsi.com) found to have 843 connections - Thu Aug  5 00:23:12 2010
24.14.27.96 # lfd: (CT) IP 24.14.27.96 (US/United States/c-24-14-27-96.hsd1.il.comcast.net) found to have 1349 connections - Thu Aug  5 00:23:13 2010
24.33.147.31 # lfd: (CT) IP 24.33.147.31 (US/United States/cpe-24-33-147-31.woh.res.rr.com) found to have 1015 connections - Thu Aug  5 00:23:15 2010
189.189.180.249 # lfd: (CT) IP 189.189.180.249 (MX/Mexico/dsl-189-189-180-249-dyn.prod-infinitum.com.mx) found to have 590 connections - Thu Aug  5 00:23:16 2010
68.99.103.6 # lfd: (CT) IP 68.99.103.6 (US/United States/ip68-99-103-6.hr.hr.cox.net) found to have 1112 connections - Thu Aug  5 00:23:17 2010
70.235.76.50 # lfd: (CT) IP 70.235.76.50 (US/United States/adsl-70-235-76-50.dsl.mrdnct.sbcglobal.net) found to have 670 connections - Thu Aug  5 00:23:18 2010
98.223.218.65 # lfd: (CT) IP 98.223.218.65 (US/United States/c-98-223-218-65.hsd1.in.comcast.net) found to have 1554 connections - Thu Aug  5 00:23:19 2010
66.36.144.193 # lfd: (CT) IP 66.36.144.193 (CA/Canada/dsl-144-193.aei.ca) found to have 873 connections - Thu Aug  5 00:23:20 2010
71.246.251.5 # lfd: (CT) IP 71.246.251.5 (US/United States/pool-71-246-251-5.washdc.fios.verizon.net) found to have 1749 connections - Thu Aug  5 00:23:21 2010
24.5.118.3 # lfd: (CT) IP 24.5.118.3 (US/United States/c-24-5-118-3.hsd1.ca.comcast.net) found to have 143 connections - Thu Aug  5 00:23:47 2010
66.249.71.227 # lfd: (CT) IP 66.249.71.227 (US/United States/crawl-66-249-71-227.googlebot.com) found to have 55 connections - Thu Aug  5 00:29:22 2010

This is why I don't run tight blocks if you notice the innocent google bot but I set it to 100 originally and it wasn't picking up ANY, will try 75 instead of 50 for a few days.

Anybody else with a sharp eye notice their mostly on Comcast? Yall comcast users has viruz's yo - anyways I'll let this cute picture do the talking, who's the DDoS'er? As a host for over 4 years your botnet fails, that french asshole we had a few years ago did a much better job, then suffered with his main system root'd and the botnet stolen, redirected to his residential ISP.

I'm a noob at web hosting eh.

I'll be blocking anyone related to these attacks shortly at the server level and pass it to our upstream provider to block at both locations network level.

This DDoS is very ineffective & this is DDoS protected hosting, not all forms and methods of DDoS attacks can be filtered, or filtered properly at that. The systems putting up fine with the attack, whatever little kid is running this attack is just clogging up tubes for no reason.

Edit: Jesus christ almost a thousand connections steady.

Yes Peaches, Those addresses do in fact look similar to the prior botnet attack. I'll try to find logs from the old system of addresses banned so we can push shaw on disabling his internet. He had his first strike now I believe they'll revoke his internet permanently.

jmdalmighty- He has been caught, his ISP has served a formal abuse notice and only has 1 or 2 strikes left before he cannot buy internet again in Canada. This is why you don't run a botnet and let your residential ISP ip address be leaked out.

Edit: Just pumping 100req/sec + :|

Subject: RE: (68.151.248.227) 68.151.248.227

Thank you for your information regarding the alleged violation of the Shaw Internet Acceptable Use Policy.

Based on the information provided, we have identified the offending computer and will take appropriate action(s).

These actions may be:
- Issue a warning by email indicating a complaint has been registered
- Issue a warning that service may be suspended if activity continues
- Suspend or terminate Shaw Internet connection to customer

If your message is in regard to any threat of violence, bodily harm, or other danger, please contact your local Law Enforcement Authorities immediately!
If you feel this case also consists of illegal activity, we encourage you to issue a formal complaint with your local Law Enforcement Authorities.
If warranted, Shaw will cooperate fully with the Law Enforcement Authorities involved.

Our AUP can be located at https://secure.shaw..../Use-Policy.asp for reference.


Regards,

Acceptable Use Policy Management Team
Shaw High-Speed Internet Service
Shaw Cablesystems G.P.
2400 - 32nd Avenue N.E.
Calgary, Alberta, T2E 9A7
Telephone: (403)750-7420
Facsimile: (403)539-6831

<mailto:internet.abuse@sjrb.ca> (br)
<https://secure.shaw....Use-Policy.asp>

We will be fallowing up with Shaw Communications next time we hear some kid named ReDBaRz from around Alberta, Canada is even touching my web servers. XenServ Hosting is also currently looking into other action, I hope your parents are rich in the event one of our customers whom lost money due to their site being down want to take perfectly legal, action against your illegal, rude activities. Which is one of the only reasons you can take legal action over a (D)DOS, and thats a good dozen sites making quite a number daily.... oh and courts would demand restitution for our losses too but I'm sure everybody here knows how that works, a timely process indeed.

Bottom line guys, if you can D/DDOS, you're so cool. Just remember it's prick to take down websites and you can face charges for damages, so why be a dumb script kiddie running a botnet you can buy from host booter, learn how to really hack or at least learn how to really DDOS. His attack just floods a system very weak and poorly executed, if I had a device that could filter the traffic we'd of been fine but those cost mucho. I used to know how to attack at excess of 100mbit/sec however years ago I learned only big flapping vaginas ddos and I never even had a use for that power, ReDFaGs attack was a measly few mbps as it's just http flooding LOL

EDIT

If you feel this case also consists of illegal activity, we encourage you to issue a formal complaint with your local Law Enforcement Authorities.

^^See that, I like Shaw's thinking, I'll just need them to hand over name and address, win.