# ICMP attacks for me! help!



## saarxee (May 4, 2013)

My friend is attacking me to the ICMP attack for my router.
my router model is TP-LINK WR841N.
how i stop the attacks?


----------



## Bo$$ (May 4, 2013)

saarxee said:


> how i stop the attacks?



Well you pay him a visit, Knock on his door, as he opens it, knock him the fuck out.  
Just attack him. simple shit man.


----------



## saarxee (May 4, 2013)

How am I defending himself from the attack?


----------



## micropage7 (May 4, 2013)

Bo$$ said:


> Well you pay him a visit, Knock on his door, as he opens it, knock him the fuck out.
> Just attack him. simple shit man.



LOL.. you make me laugh
yea, why your friend attack you?


----------



## saarxee (May 4, 2013)

That bored him. It uses - Booter
help me please.


----------



## W1zzard (May 4, 2013)

If you have a dynamic IP, just disconnect your router and reconnect so it fetches another IP.

There is nothing else you can do on your end to mitigate the attack, as it's overloading your incoming line. You could call your ISP and explain the situation, they can drop all packets from your friend before they enter your line, but this usually also means they'll inform the authorities


----------



## remixedcat (May 4, 2013)

Bo$$ had the best solution


----------



## Aquinus (May 4, 2013)

W1zzard said:


> If you have a dynamic IP, just disconnect your router and reconnect so it fetches another IP.
> 
> There is nothing else you can do on your end to mitigate the attack, as it's overloading your incoming line. You could call your ISP and explain the situation, they can drop all packets from your friend before they enter your line, but this usually also means they'll inform the authorities



If you use a spoofed MAC address on your router and restart your modem, DHCP will automatically get you a new IP. Just restarting the modem won't get you a new IP unless the lease time is incredibly short and more often than not I find that it's an hour or longer (mine is several days,) so the only way for me to force it to give me a new IP is by using a different MAC.

Afterwards you should do what Bo$$ described. You have to make sure it doesn't happen again. 

You could also tell your router to block incoming ICMP packets, most routers can do this.

Edit:
Here we go, nothing like a user manual to help you out:





Enable both highlighted settings and set the packets/s for the ICMP flood filter to 25. That should work nicely.

Now you really can tell him to shove it and do what Bo$$ suggested and you know regardless of the outcome, he won't be doing it again.


----------



## W1zzard (May 4, 2013)

Aquinus said:


> ICMP flood filter



that wont work, unless your network connection has more bandwidth than the attacker has bandwidth. no matter what you set on the router, packets will still travel from your ISP to your router and congest your line


----------



## n0tiert (May 4, 2013)

use some tool like "wireshark" to catch the ICMP flood attack by pattern (usually it is mainly same type / size),
match it and drop that packets directly on router via iptables rules set .....


----------



## W1zzard (May 4, 2013)

n0tiert said:


> use some tool like "wireshark" to catch the ICMP flood attack by pattern, match it and drop that packets directly on router via iptables rules set .....



see my previous post


----------



## n0tiert (May 4, 2013)

W1zzard said:


> see my previous post



works m8, done this on DNS Reflection Attack for Anycast..... 
it drops by rule hex notation in packet header


----------



## saarxee (May 4, 2013)

Aquinus said:


> Enable both highlighted settings and set the packets/s for the ICMP flood filter to 25. That should work nicely.
> 
> Now you really can tell him to shove it and do what Bo$$ suggested and you know regardless of the outcome, he won't be doing it again.




works or not?


----------



## W1zzard (May 4, 2013)

n0tiert said:


> works m8, done this on DNS Reflection Attack for Anycast.....
> it drops by rule hex notation in packet header



it might work on some attacks, but not on a normal icmp flood or any other type of attack that's trying to use up all your incoming bandwidth


----------



## saarxee (May 4, 2013)

He drops my internet.


----------



## techtard (May 4, 2013)

Call your ISP, call the police. If someone is doing this to you, they are not your friend. Find out the penalties for cybercrimes and inform him that you will take action to stop him.

If you aren't going to do that, then do as Bo$$ suggested.


----------



## saarxee (May 4, 2013)

I have a friend doing it for a laugh.


----------



## Black Panther (May 4, 2013)

Tell him you're serious about calling the police. A joke for a couple of minutes might be ok, but if he persists...


----------



## saarxee (May 4, 2013)

By the way, my previous router did not work anymore since the attacks. It affects?
and we are purchase the TP-LINK router from ISPs.


----------



## remixedcat (May 4, 2013)

They are not a good friend


----------



## saarxee (May 4, 2013)

saarxee said:


> By the way, my previous router did not work anymore since the attacks. It affects?
> and we are purchase the TP-LINK router from ISPs.



answer please..


----------



## drdeathx (May 4, 2013)

Get one of these:






Knock on his door

Quickly pull the trigger on the stun gun

Watch him fall

Go back home and look at your animal porn


----------



## saarxee (May 4, 2013)

Possibly be serious?


----------



## remixedcat (May 4, 2013)

Make your friend get you a new router and pay for your connection for the next few years and also do what Dr. Deathx said


----------



## saarxee (May 4, 2013)

By the way, my previous router did not work anymore since the attacks. It affects?
and we are purchase the TP-LINK router from ISPs.


----------



## remixedcat (May 4, 2013)

You said that already and they prolly fried the poor thing.


----------



## TheoneandonlyMrK (May 4, 2013)

saarxee said:


> By the way, my previous router did not work anymore since the attacks. It affects?
> and we are purchase the TP-LINK router from ISPs.


Seems an odd pastime to me ,if it cost me one router already id have at least phoned your Friend and asked him to stop it especially as its the easist fix..


----------



## TRWOV (May 4, 2013)

Call you ISP, they are the ones with the power to stop this, they can filter his packets or (if he has the same ISP as you) suspend his connection.


----------



## Pehla (May 4, 2013)

Spameeeeerrrrr!!


----------



## NdMk2o1o (May 4, 2013)

Pehla said:


> Spameeeeerrrrr!!



THREADCRAPPERRRRRRRRRRRRRR 

I'm just messing, but you see my point, there is a report post button for a reason


----------



## remixedcat (May 4, 2013)

Also it's fire safety awareness month.Be careful or Smokey bear will rape you in the middle of the nite!!!


----------



## Aquinus (May 4, 2013)

W1zzard said:


> that wont work, unless your network connection has more bandwidth than the attacker has bandwidth. no matter what you set on the router, packets will still travel from your ISP to your router and congest your line



Which is better than letting the router process it. I would rather my connection get bogged down than my router get taken down by a DDOS attack. If you have a static IP, you don't run from your problems, you confront them. It's not the perfect solution but it is a solution and it does mitigate the problem regardless of the fact that the problem still exists. He might as well enable it, it won't hurt and it can only help.


----------



## Mindweaver (May 4, 2013)

I would brute force attack his router, and create such a havoc upon his home network that the only thing his pc would be good for, would be a door stop. I would have him carry fruit to my door step as payment while chanting my name to get me to stop... Mua.. hahaha He would find my brute force attach far more powerful than his ICMP attacks. Mua.. hahahaha j/k I don't know how to do that type of thing hehehe or do i?.. lol Actually, I would tell him if he ICMP attacks me one more time then he is gay! and if he does then you have your evidence he is a happy person.  Good luck!


----------



## AsRock (May 4, 2013)

W1zzard said:


> If you have a dynamic IP, just disconnect your router and reconnect so it fetches another IP.
> 
> There is nothing else you can do on your end to mitigate the attack, as it's overloading your incoming line. You could call your ISP and explain the situation, they can drop all packets from your friend before they enter your line, but this usually also means they'll inform the authorities



and if it's not he might be able get the settings and enter them manually, this way can make them change the ip address.  i used to do it with my isp which in my case took 3 days.

other wise complain to the isp as you said, but i would like to know how he knows his supposed friend is attacking him.


----------



## Mindweaver (May 4, 2013)

Yea, honestly I would do like W1zard said and get another IP. I would disconnect your modem to get a new Ip for your modem. If you disconnect your router you're only going to get a new ip in your lan and not your wan. You can check your wan IP by going to www.ipchicken.com. I would go there and write down your ip and then disconnect your modem and router and reconnect modem then router and go back to that website to make sure your IP changed. If that doesn't work then I'd call your ISP. What kind of modem are you using? do you have the admin password to it? if so then you can try like asrock said and manually change your ip. Just remember to change the last set. the _example 192.168.1.*X*_ you want to change the X. You can also connect to a proxy until he gets bored and stops. 
*
EDIT: When you disconnect I would wait 5 to 10 minutes before reconnecting to ensure you get a new IP.*


----------



## Aquinus (May 4, 2013)

Mindweaver said:


> Yea, honestly I would do like W1zard said and get another IP. I would disconnect your modem to get a new Ip for your modem. If you disconnect your router you're only going to get a new ip in your lan and not your wan. You can check your wan IP by going to www.ipchicken.com. I would go there and write down your ip and then disconnect your modem and router and reconnect modem then router and go back to that website to make sure your IP changed. If that doesn't work then I'd call your ISP. What kind of modem are you using? do you have the admin password to it? if so then you can try like asrock said and manually change your ip. Just remember to change the last set. the _example 192.168.1.*X*_ you want to change the X. You can also connect to a proxy until he gets bored and stops.
> *
> EDIT: When you disconnect I would wait 5 to 10 minutes before reconnecting to ensure you get a new IP.*



I thought a recommended a sure fire way to fool DHCP into giving you a new IP.



Aquinus said:


> If you use a spoofed MAC address on your router and restart your modem, DHCP will automatically get you a new IP. Just restarting the modem won't get you a new IP unless the lease time is incredibly short and more often than not I find that it's an hour or longer (mine is several days,) so the only way for me to force it to give me a new IP is by using a different MAC.


----------



## W1zzard (May 4, 2013)

Aquinus said:


> I thought a recommended a sure fire way to fool DHCP into giving you a new IP.



some implementations link the IP to your contract/login/physical line


----------



## Mindweaver (May 4, 2013)

Aquinus said:


> I thought a recommended a sure fire way to fool DHCP into giving you a new IP.



True he has to wait till his lease is up good call, if you don't get one after waiting say 10 minutes then yea try an hour..


----------



## AsRock (May 4, 2013)

Mindweaver said:


> True he has to wait till his lease is up good call, if you don't get one after waiting say 10 minutes then yea try an hour..



some routers tell you how long the lease is ( mine says there is a day left ).  As i said if you fix the details that the modem gives the router and use static IP on the router it will time it out sooner or later.


----------



## Mindweaver (May 5, 2013)

AsRock said:


> some routers tell you how long the lease is ( mine says there is a day left ).  As i said if you fix the details that the modem gives the router and use static IP on the router it will time it out sooner or later.



As does my cable modem, but this guy hasn't told us what modem he is using.. I just set up a company last week and they are using u-verse and I was very surprised that it was a modem/router/wireless device aio.. I have to say it was pretty cool little unit. I didn't setup it up... I just setup a few desktops for them. I would have liked to mess around with it, in my past I usually hate dealing with any at&t dsl hardware, but that was so much better than those others i've used. So, I wouldn't be surprised what this guy is using.


----------



## remixedcat (May 5, 2013)

Please, OP, specify what you are using in order for us to properly assist you.

If it's a "residential gateway" (modem/router combo) doing what you need to do to release and renew and obtain a new IP may be more diffcult. Also Some of those might not even have the proper config menu options to perform the action.


----------



## n0tiert (May 5, 2013)

a question , u have any service running like dydns (did i missed it) ? i wonder how he gets your IP all the time, if so disable it, change the dyndns name ....


----------



## micropage7 (May 5, 2013)

wait wait... how do you know the one who attack you is your friend?
if he said that, why dont you ask him to stop or....
yeahh. you know what i mean


----------



## Mussels (May 5, 2013)

using the settings in the router may not stop the attack, but to him it will LOOK like its not working.


call your ISP and ask for an IP change, or do the things already suggested in the thread (change MAC address, punch friend in the face, tazer him, etc)


----------

