Re: Been getting DDoSed, how do I change my IP?
09-29-2013 03:37:23 PM - edited 09-29-2013 04:01:56 PM
I too am getting denial of service but not a distributed denial. Not sure what state or city you are in but I am in Kansas City, Mo. I worked extensively with AT&T's 2nd tier support about 3 months ago. The work I did with them went on for about 3 weeks, maybe 4 nights a week, for anywhere from 20 minutes to 4 hours each time.
When you have a technical issue that is being caused by a remote human hacker like a bot herder running a bot net or an internal Trojan or worm that controls your computer remotely, or you have a vulnerability, such as a back door in the O.S. or an erroneous external IP address, the resolution process can be lengthy. Requesting that technical support elevate your issue to 2nd tier support can save you considerable time and frustration. If your request is granted you will gain important benefits. I have found that grants and denials for second tier use two qualifiers.
a) The level of difficulty associated with the problem. If an issue can be settled at the primary level, elevation is not an issue.
b) The level of knowledge and ability of the customer to accurately interpret symptoms and results that can accurately assist the tech at AT&T.
Grant benefits are:
1) They give you a 2nd tier support call-in number accompanied by an authorization code. This eliminates all caller screening and menu prompting and usually gets you hooked into a tech quickly.
2) The techs in 2nd tier are more knowledgeable to meet the technical level of support needed in support cases that are worthy of elevation.
3) It's not guaranteed but the odds of being able to contact the same tech each call-in session significantly increase.
With my issue, which may be the same as yours, I was able to get one tech to handle most of my sessions. This is dire lest you endure frustrations of repetition. But there were sessions I initiated at a time when the committed volunteering tech was off work. Not very productive sessions either.
I originally, as you report, construed my network to be suffering DoS attacks as well, largely because I was being run in circles with numerous, sometimes constant redirects. Many redirects employed malicious server destinations, fake web pages, etc. I assumed they were tactics employed by an internal bot as a result of bot net recruitment of my computer. Which began with a Trojan infection from W32 Trojan.dropper. A Trojan within a Trojan in that payload query results for .dropper were not real serious. But I failed to consider the verb that comprises its name, "dropper". Thus, while Trojan.dropper was not dangerous innately, some of the malware it is capable of harvesting on a net run and dropping in your computer is.
The root of my DoS was found to be my external IP address. The address was what ARIN termed "Retentive". Retentive IP addresses are addresses that ARIN designates as unassignable to ISP dynamic allocation pools. All computers use some IP addresses in an internal way to provide internal mappings for component object model routing and locating on the local system. The malware infecting my system was able, at the instruction of a remote human hacker, to acquire an ARIN retentive and unassigned for public use IP address and swap it out with my external IP. The result was ARIN monitoring saw me as an infected computer because the IP was bogus. What ARIN termed "bogon" or "bogus logon". The majority of business web servers advantage filtering specifically designed to stop these bogus logons from entering their sites due to their untraceable and unauthorized attributes. A denial of service by a legitimate source protecting its own network from my computer.
ARIN refused to help me as they understood the futility in the reassignment of a new number. Reassignment does not address the root of the problem. Infection is at the root. AT&T tried to help me by selling me a static range of IP addresses that I manually assigned to all the devices on my network. I threw out the Windows-based computer and bought an iPad. The infection anchored on the hard drive of my ATT DVR, which uses Windows CE for its OS. From there the infection made managing the static block of IPs a bit like pushing a wheelbarrow full of cats. The iPad was unaffected. I bought another Windows-based Dell. Ruined in a month. This thing has been with me for 1.5 years now. It's akin to having herpes I suppose. Most folks don't know I have it. As long as I don't attempt to procreate (use a Windows-based computer). Now we know how bot net strings 13 million computers together.