DDOSing In Scape

[Capheraekton]

I've heard about this. I just don't understand why people are willing to do something illegal to cheat in a game.

[Riptide Mage]

In all honesty is pretty hard to get someones ip if they are smart.

 

 

 

Most, if not all basic virus software and firewalls block out the most simple ip getting methods.

 

 

 

Then as long as you only use well known or run by people you know and trust chat servers and forums you can be assured that all the mods etc who CAN see you're ip aren't gonna pull stunts like this.

 

 

 

Then of course don't click random links. If you don't know the person and the link isn't heading to a major site (eg mysapce, youtube, yahoo etc) don;t hit it.

 

 

 

Sure you can never be 100% safe but most of them time you gotta make an error for them to find these things out, I mean the reall advance ways you're never gonna block; but I doubt some nerdy rs hacker is gonna know or even use such high end methods.

 

Anti-virus and firewalls do nothing to prevent people from getting your IP, I think you are confusing your LAN and WAN ip addresses. Every time you connect to anything on the internet somebody gets your IP, its the only way for the connected-to server to know who/how to respond. A DDOS works by sending more packets of data than your bandwidth can handle, its not something software can handle, its a hardware/firmware issue. Most IM clients have exploitable methods of getting another user's ip just by knowing their username. Example: AIM - sending a specially formatted add-on connection packet can force a person using version 5.9 or lower to invisibly visit a webpage which can be used to record an IP or to attempt to hit the target with a malware payload. No router/firewall/switch can prevent a DDOS if the bot-herder has a large enough net, even systems running Cisco's anti-DDOS solution can be taken down with a large enough assault.

[Master_Smither]

Sigh....It was sad when they did it to Theuberelite and it is still sad now.

[Sy_Accursed]

In all honesty is pretty hard to get someones ip if they are smart.

 

 

 

Most, if not all basic virus software and firewalls block out the most simple ip getting methods.

 

 

 

Then as long as you only use well known or run by people you know and trust chat servers and forums you can be assured that all the mods etc who CAN see you're ip aren't gonna pull stunts like this.

 

 

 

Then of course don't click random links. If you don't know the person and the link isn't heading to a major site (eg mysapce, youtube, yahoo etc) don;t hit it.

 

 

 

Sure you can never be 100% safe but most of them time you gotta make an error for them to find these things out, I mean the reall advance ways you're never gonna block; but I doubt some nerdy rs hacker is gonna know or even use such high end methods.

 

Anti-virus and firewalls do nothing to prevent people from getting your IP, I think you are confusing your LAN and WAN ip addresses. Every time you connect to anything on the internet somebody gets your IP, its the only way for the connected-to server to know who/how to respond. A DDOS works by sending more packets of data than your bandwidth can handle, its not something software can handle, its a hardware/firmware issue. Most IM clients have exploitable methods of getting another user's ip just by knowing their username. Example: AIM - sending a specially formatted add-on connection packet can force a person using version 5.9 or lower to invisibly visit a webpage which can be used to record an IP or to attempt to hit the target with a malware payload. No router/firewall/switch can prevent a DDOS if the bot-herder has a large enough net, even systems running Cisco's anti-DDOS solution can be taken down with a large enough assault.

 

 

 

Learn to read.

 

 

 

Virus and firewall block out the SIMPLE methods.

 

 

 

Simple methods being the straight forward computer illiterate people can do it methods.

[nubbycubby]

Ahaha script kiddies have reached a new level! This is classic.

[Riptide Mage]

In all honesty is pretty hard to get someones ip if they are smart.

 

 

 

Most, if not all basic virus software and firewalls block out the most simple ip getting methods.

 

 

 

Then as long as you only use well known or run by people you know and trust chat servers and forums you can be assured that all the mods etc who CAN see you're ip aren't gonna pull stunts like this.

 

 

 

Then of course don't click random links. If you don't know the person and the link isn't heading to a major site (eg mysapce, youtube, yahoo etc) don;t hit it.

 

 

 

Sure you can never be 100% safe but most of them time you gotta make an error for them to find these things out, I mean the reall advance ways you're never gonna block; but I doubt some nerdy rs hacker is gonna know or even use such high end methods.

 

Anti-virus and firewalls do nothing to prevent people from getting your IP, I think you are confusing your LAN and WAN ip addresses. Every time you connect to anything on the internet somebody gets your IP, its the only way for the connected-to server to know who/how to respond. A DDOS works by sending more packets of data than your bandwidth can handle, its not something software can handle, its a hardware/firmware issue. Most IM clients have exploitable methods of getting another user's ip just by knowing their username. Example: AIM - sending a specially formatted add-on connection packet can force a person using version 5.9 or lower to invisibly visit a webpage which can be used to record an IP or to attempt to hit the target with a malware payload. No router/firewall/switch can prevent a DDOS if the bot-herder has a large enough net, even systems running Cisco's anti-DDOS solution can be taken down with a large enough assault.

 

 

 

Learn to read.

 

 

 

Virus and firewall block out the SIMPLE methods.

 

 

 

Simple methods being the straight forward computer illiterate people can do it methods.

 

 

 

The simple method is a SYN flood or using something like LOIC[Caution: Executable File] neither of which are a DDOS attack, they are DOS methods. Using a modified rBot isn't even complicated for the moderately computer literate user. And I do know how to read and how networking works. A DDOS is not something that an anti-virus has anything to do with. Anti-viruses block things from being installed or executed on a machine. Firewalls act as a filter, controlling what is allowed in or out. Even if your firewall is set to block all IP's except for Runescape's, the DDOS packets are still bombarding your connection, they are just not being allowed to reach the computer(s) the firewall is protecting, the DDOS still will choke your bandwidth no matter what you do. Only server farms, large DNS nodes, or similarly commercial/corporate systems stand a chance against a DDOS due to distributed connections/routing.

[Torlen]

It also isn't a ddos attack. A true ddos attack would have the FBI knocking on the kids door because it's very against the law and a very easy thing for your ISP to notice going on.

 

 

 

They use pod (ping of death) attacks which are similar, but not quite a ddos.

 

 

 

Anyone who this happens to should report it to their isp. My isp called me out and threatened to shut down my net because I opened a port remotely on someone elses computer with their permission.

[Sy_Accursed]

In all honesty is pretty hard to get someones ip if they are smart.

 

 

 

Most, if not all basic virus software and firewalls block out the most simple ip getting methods.

 

 

 

Then as long as you only use well known or run by people you know and trust chat servers and forums you can be assured that all the mods etc who CAN see you're ip aren't gonna pull stunts like this.

 

 

 

Then of course don't click random links. If you don't know the person and the link isn't heading to a major site (eg mysapce, youtube, yahoo etc) don;t hit it.

 

 

 

Sure you can never be 100% safe but most of them time you gotta make an error for them to find these things out, I mean the reall advance ways you're never gonna block; but I doubt some nerdy rs hacker is gonna know or even use such high end methods.

 

Anti-virus and firewalls do nothing to prevent people from getting your IP, I think you are confusing your LAN and WAN ip addresses. Every time you connect to anything on the internet somebody gets your IP, its the only way for the connected-to server to know who/how to respond. A DDOS works by sending more packets of data than your bandwidth can handle, its not something software can handle, its a hardware/firmware issue. Most IM clients have exploitable methods of getting another user's ip just by knowing their username. Example: AIM - sending a specially formatted add-on connection packet can force a person using version 5.9 or lower to invisibly visit a webpage which can be used to record an IP or to attempt to hit the target with a malware payload. No router/firewall/switch can prevent a DDOS if the bot-herder has a large enough net, even systems running Cisco's anti-DDOS solution can be taken down with a large enough assault.

 

 

 

Learn to read.

 

 

 

Virus and firewall block out the SIMPLE methods.

 

 

 

Simple methods being the straight forward computer illiterate people can do it methods.

 

 

 

The simple method is a SYN flood or using something like LOIC[Caution: Executable File] neither of which are a DDOS attack, they are DOS methods. Using a modified rBot isn't even complicated for the moderately computer literate user. And I do know how to read and how networking works. A DDOS is not something that an anti-virus has anything to do with. Anti-viruses block things from being installed or executed on a machine. Firewalls act as a filter, controlling what is allowed in or out. Even if your firewall is set to block all IP's except for Runescape's, the DDOS packets are still bombarding your connection, they are just not being allowed to reach the computer(s) the firewall is protecting, the DDOS still will choke your bandwidth no matter what you do. Only server farms, large DNS nodes, or similarly commercial/corporate systems stand a chance against a DDOS due to distributed connections/routing.

 

 

 

Still epic fail at reading, since my entire post was about letting them get your ip in the first place, not blocking an attack

[Riptide Mage]

It also isn't a ddos attack. A true ddos attack would have the FBI knocking on the kids door because it's very against the law and a very easy thing for your ISP to notice going on.

 

 

 

They use pod (ping of death) attacks which are similar, but not quite a ddos.

 

 

 

Anyone who this happens to should report it to their isp. My isp called me out and threatened to shut down my net because I opened a port remotely on someone elses computer with their permission.

 

 

 

Its illegal for ISPs to monitor your traffic under the wiretapping laws, so no, its not something ISPs can notice. Most DDOS attacks are launched by a botnet, and if it is a well built one or a user using a bit of common sense (like a proxy) it will not be possible to find the person who actually launched the attack. And the Ping of Death attack hasn't worked in over a decade. Ping flooding does work though, but it would be highly unlikely for a single user's upstream bandwidth to be greater than another user's downstream when the top tier cable internet speeds are capped at 25mbit/s down and 2mbit/s up.

 

 

 

 

Still epic fail at reading, since my entire post was about letting them get your ip in the first place, not blocking an attack

 

 

 

I still pointed out how neither anti-viral software or a firewall has anything to do with another person getting your IP.

 

 

 

 

Anti-virus and firewalls do nothing to prevent people from getting your IP, I think you are confusing your LAN and WAN ip addresses. Every time you connect to anything on the internet somebody gets your IP, its the only way for the connected-to server to know who/how to respond. ... Most IM clients have exploitable methods of getting another user's ip just by knowing their username. Example: AIM - sending a specially formatted add-on connection packet can force a person using version 5.9 or lower to invisibly visit a webpage which can be used to record an IP or to attempt to hit the target with a malware payload.

[Skull]

Who DDOS's for runescape stuff? Seriously, what a waste and pointless risk.

[Sy_Accursed]

And still epic fail at reading because the most basic straight forward ways of getting ips are blocked out by most firewalls.

 

 

 

If you note my psot was a progressive thing, I clearly said firewall blocked the basics and then listed the other wasy to dodge the more advance systems and that it was impossible to dodge all methods.

 

 

 

Its a fact THE most basic ways of getting an pc's IP is directly accessing their network due to a lack of firewall, along with a few remote assistance and other such base methods. All of which are so so so so basic, but all of whihc the firewall knocks out.

 

 

 

This does not mean there are no straight forward or relatively easy ways to do it. It means the most basic are blocked by a firewall

[Riptide Mage]

And still epic fail at reading because the most basic straight forward ways of getting ips are blocked out by most firewalls.

 

 

 

If you note my psot was a progressive thing, I clearly said firewall blocked the basics and then listed the other wasy to dodge the more advance systems and that it was impossible to dodge all methods.

 

 

 

Its a fact THE most basic ways of getting an pc's IP is directly accessing their network due to a lack of firewall, along with a few remote assistance and other such base methods. All of which are so so so so basic, but all of whihc the firewall knocks out.

 

 

 

This does not mean there are no straight forward or relatively easy ways to do it. It means the most basic are blocked by a firewall

 

You seriously have no idea what you are talking about. A firewall only filters packets, it doesn't prevent anything. Even if you are are behind a hardware firewall it will be either built into your modem or your router. The way a network works is the modem has an external (WAN) ip and all the machines connected to the router have internal (LAN) ips. http://en.wikipedia.org/wiki/Network_ad ... ranslation An attack does not need your LAN ip to launch a DDOS, they just target the WAN ip. An attacker does not have to "directly accessing their network due to a lack of firewall", the attacker doesn't even need to know anything about what is behind the router, and in fact unless the router has ports forwarded to the machines on the LAN the attacker cannot find out what is behind the router.

 

 

 

Example:

 

Timmy is on his home computer which is connected to his router which is connected to his cable modem. Since he is behind a router he has a LAN ip, his happens to be 192.168.1.103, his mom's computer in the other room is 192.168.1.102 and his brother's xbox360 is 192.168.101. Timmy's WAN ip as assigned by his ISP is 208.43.229.99. Timmy has been talking on MSN with John about having a deathmatch. John tells Timmy to watch this cool video of his last few fights, and Timmy stupidly clicks the link. The link looked like a link to youtube, but it actually first sent Timmy to a webpage with a PHP script that recorded his IP address and then redirected him to youtube. Timmy thought John kinda sucked so he decided to fight John. They met in some PVP zone and John told Timmy to attack him first. As soon as Timmy attacked John, John sent a command to his control bot which then instructed the rest of his bots to begin attacking the ip that his script had recorded, 208.43.229.99, his WAN ip. Timmy watched as suddenly he lost connection and his ags was surely doomed, his brother yelled in outrage as right before the final winning kill of the game he lost connection, and his mother exclaimed "what the hell?" as her game of online bingo froze. Behind the scenes millions of packets of data were being received by his modem and forwarded to his router with its built in firewall.

 

 

 

The moral of the story, your LAN ip means jack squat to an attacker, all they need is a choke point along path to your machine, target that, and your machine and anything else that relies on that connection will go down. The modem is a choke point because it must forward all the packets to the router, the router is a choke point because it must use NAT to determine which machine to forward the packets to, the firewall is an even bigger choke point because it must inspect every packet to see if it is allowed. Even if an attacker doesn't know your exact ip, but does know what part of a town you live in he can instead just target the node you connect to, example: 208.43.229.*** with a large enough botnet and knock a potential 255 houses offline.

[totalpwnage]

Vegetakid has a friend who has a mod account on RSC who gives him IP's apparently. He can get a lot of people's IP's.

 

Shame, as jagex is working with zybez to become more community friendly, too.

 

 

 

I fell victim to being ddos'ed in rs for not too much, and it was a weak attack too. (only lagged me out for like 10 seconds)

 

 

 

 

 

 

Basically what they've done is they've done something like advertise a torrent on some tracker, something that advertises like... a World of Warcraft keygen or something. people download it, run it, and boom, their computer is free for the original hoster to use for an attack. it only has to be to ping other people with 1024 KB packets. Once they have your IP, they send a request to a bunch of those computers to ping you all at once, which overloads your downloading, thus meaning that you're downloading so much that instead of downloading packets from RS, you're getting completely useless 1024 KB packets from random computers.

 

 

 

if you start lagging, immediately start hittin tele, cause chances are it actually WILL go through.

 

 

 

Its a fact THE most basic ways of getting an pc's IP is directly accessing their network due to a lack of firewall

 

No, every post on here logs your IP, you know that right?

 

Websites can get your IP easily, even forums can get your IP.

[wolfmon56]

DDos'ing is very old and use to be a thing only very few people knew how to do. Now everyone knows how to do it and it's very common and quite idiotic.

 

 

 

Also, just get a dynamic IP and change it once a week and you're most likely fine.

 

 

 

Also all I have to say is... Vegetakid... :lol: LooooL :lol:

[Sy_Accursed]

It still stands that without a firewall anyone can jump onto your network and thus find your ip.

 

 

 

With a firewall people cannot directly jump onto your network.

 

 

 

Therefore firewall blocks out the basic way msot direct way of finding someones IP.

 

 

 

You seem to be udner the dellusion I am claiming a firewall to be some miracle block that can stop almsot any way of getting your ip.

 

 

 

I am NOT.

 

 

 

I am simply saying a good firewall will block out A FEW of the VERY BASIC ways of obtaining a users ip.

 

 

 

As my original post stated only using trusted forums and chat servers is a measure of protection, as their logging of your ip is an obvious weakness.

 

 

 

And avoiding links from thoose who don't know that go to none mainstream sites is another method as they can lead to things that grab your ip.

 

 

 

It is not possible to be outright protected, or to divert any sizeable attack on you.

 

 

 

However it is perfectly valid that the most direct and simple way to obtains someone's ip is by getting onto their network directly, and that this is easily stopped by having firewalls in place to control who/what can access the network.

[Riptide Mage]

It still stands that without a firewall anyone can jump onto your network and thus find your ip.

 

 

 

With a firewall people cannot directly jump onto your network.

 

 

 

Therefore firewall blocks out the basic way msot direct way of finding someones IP.

 

 

 

You seem to be udner the dellusion I am claiming a firewall to be some miracle block that can stop almsot any way of getting your ip.

 

 

 

I am NOT.

 

 

 

I am simply saying a good firewall will block out A FEW of the VERY BASIC ways of obtaining a users ip.

 

 

 

As my original post stated only using trusted forums and chat servers is a measure of protection, as their logging of your ip is an obvious weakness.

 

 

 

And avoiding links from thoose who don't know that go to none mainstream sites is another method as they can lead to things that grab your ip.

 

 

 

It is not possible to be outright protected, or to divert any sizeable attack on you.

 

 

 

However it is perfectly valid that the most direct and simple way to obtains someone's ip is by getting onto their network directly, and that this is easily stopped by having firewalls in place to control who/what can access the network.

 

You don't get it, there is 100% no need to "jump onto your network", you can't even do that unless the default settings on the router have been modified to allow for VPN connections. The firewall itself WILL and DOES have an ip, and that is the ip that attackers use, the WAN ip, not your LAN ip which anything on the network uses to communicate to other things on the network. Did you even read the link on NAT?

 

 

 

You seem to be under the delusion that a firewall does not have an IP of its own. Read some books about networking or take a class in it before you further spread your misknowledge.

[Sy_Accursed]

Ergh try and open you're mind for a second.

 

 

 

Connecting to the network is NOT AT ALL IN ANY WAY SHAPE OR FORM REFERING TO HOW THE ATTACK HAPPENS.

 

 

 

It is simply refering to the fact if you connect to a network you can directly with zero effort get the ip for all things on that network, whatever form of ip they are. The ip for each device router modem etc.

 

 

 

A firewall hardware helps to secure you're network meaning you need permission to be on it.

 

 

 

Therefore the firewall knocks out 1 basic method of obtaining your ip.

 

 

 

I am in no way claiming anything u seem to be saying I am, I am claiming what I am saying. A firewall allows you to stop people getting onto your network, getting on your network is a way to get your ip to launch a DDOs attack.

 

 

 

Yes newer routers and mdeoms have these settings automatically but many older routers and users don't.

 

 

 

My laptop sitting in my bedroom picks up 8 different networks, only 2 of which are secured. The others I can happily connect to and obtain ips etc with no effort.

[Riptide Mage]

Ergh try and open you're mind for a second.

 

 

 

Connecting to the network is NOT AT ALL IN ANY WAY SHAPE OR FORM REFERING TO HOW THE ATTACK HAPPENS.

 

 

 

It is simply refering to the fact if you connect to a network you can directly with zero effort get the ip for all things on that network, whatever form of ip they are. The ip for each device router modem etc.

 

 

 

A firewall hardware helps to secure you're network meaning you need permission to be on it.

 

 

 

Therefore the firewall knocks out 1 basic method of obtaining your ip.

 

 

 

I am in no way claiming anything u seem to be saying I am, I am claiming what I am saying. A firewall allows you to stop people getting onto your network, getting on your network is a way to get your ip to launch a DDOs attack.

 

 

 

Yes newer routers and mdeoms have these settings automatically but many older routers and users don't.

 

 

 

My laptop sitting in my bedroom picks up 8 different networks, only 2 of which are secured. The others I can happily connect to and obtain ips etc with no effort.

 

You completely do not get the fact that a LAN ip is useless and has nothing to do with a DDOS, there is only one ip that matters in a DDOS, and that is the WAN ip. The firewall doesn't "knock out" anything, since if you can connect to where the firewall is located you know the ip already.

[Sy_Accursed]

You still utterly fail in comprehension.

 

 

 

An unprotected network you can get ANY ip you want off with NO effort.

 

 

 

A protected network you CAN get the ip off but it requires slightly more effort.

 

 

 

Therefore a protected network, via means of a hardware firewall is marginally safer from the 100% base line of ip grabbing.

 

 

 

It's not gonna do a huge amount to save you if a serious DDOS wants you, but the hardware firewall of your router DOES do a little bit to protect you from a very basic level of this type of attack as it means getting you're ip requires slightly more effort.

[NuckingFuts]

Therefore the firewall knocks out 1 basic method of obtaining your ip.

 

 

 

I am in no way claiming anything u seem to be saying I am, I am claiming what I am saying. A firewall allows you to stop people getting onto your network, getting on your network is a way to get your ip to launch a DDOs attack.

 

 

 

You were before talking of the "simple/basic methods"?

 

Getting onto someones network before hand seems like a fairly long and pointless method to take if you ask me, Especially seeing as an IP can be obtained from the victim simply having to view a website.

 

 

 

 

Learn to read.

 

Virus and firewall block out the SIMPLE methods.

 

Simple methods being the straight forward computer illiterate people can do it methods.

 

 

 

Wrong. An Anti-virus and firewall does not block the "simple" method, because the simple method of grabbing the IP would be from a forum/IRC, or simply setting up some free hosting and getting a script to email you the IP of anyone who visits it (yes, Google makes that part easy)

 

 

 

The Anti-Virus and Firewall helps prevent stop someone getting onto your computer through the WAN IP, correct, but why you would mix this up with being a simple method of getting someone's IP I don't know.

 

 

 

Your logic is based upon someone's unprotected network (LAN), well that's going to be local and from their router. So unless you feel like sitting outside their house every time you need but a simple IP address, then have fun -.-

[Sy_Accursed]

you dont need to be outside their house to get on their network.

 

 

 

If you have contact with them you can effectively jump onto their network.

 

 

 

If you can do this you can directly learn thier ip without need of other methods that involve more work.

 

 

 

It still stands perfectly valid the hardware firewall tht controls who/what can access you network act as a line of defence agaisnt 1 of the simple methods of getting your ip in order to launch a DDOS attack or w/e

[NuckingFuts]

 

If you have contact with them you can effectively jump onto their network.

 

 

 

 

If you have contact with them you can effectively get their IP without a jump onto their network. What is it with you can getting onto the LAN when you would clearly already then know the WAN IP?

[n64jive]

I think I see what Paw is trying to say, but the chance that your attacker is within distance of picking up your LAN, is very unlikely, so having a firewall, or securing your router, or whatever you're trying to say, is a very small portion of the problem at whole.

 

 

 

These bots don't install viruses on your computer, and they don't even get any sort of access to your computer. All they do is flood your bandwidth with connection requests. LJ's explanation about Timmy and his family explains it pretty clearly. As of right now, internet connections are mainly point-to-point. Like a multi-lane tunnel, you only need to make 1 point 1 lane in order to slow down traffic. So pretty much if a tunnel has traffic going from a-f with points b,c,d,e in between, if you increase traffic at any point, the traffic behind it is going to be slowed down.

 

 

 

Back to the bots, this is how they work. Imagine your in a chat room, and you're talking to people, everything is going like it should. All of a sudden, user1242 starts saying "Hey Room, Is anyone here?" every second for 10 minutes. It's going to be pretty hard to communicate in that chat room. The bot pings your address thousands of times, slowing down traffic, causing runescape to lag, causing jagex systems to detect the slow incoming traffic from your location, which they treat by disconnecting you from the server until traffic increases again.

 

 

 

Because the script kiddies are novices most of the time, a simple solution that if I suspect i'm going to be doing something where a person who has my IP may know that, I'll stop all my outgoing/incoming connections that I can control, activate a script that I have that lets me know of all incoming requests and their volumes, and sends outgoing requests back to the address of the incoming requests that I choose. So far this has worked for me(I have been DDOS during a few wars back in the day, and I developed this after that, and from then on out I didn't have any problems).

 

 

 

I havn't been in the clan scene for quite some time, so my name is kind of off the radar, so I don't usually use it anymore(in fact, it's on my old HDD, and I havn't even spent the time to put it on my new one.

[Sy_Accursed]

I just find it moronic that I orginally posted a nice and helpful post covering the sheer basics of how to avoid most of the simple ip grabbing methods. Keeping it in nice simple terms since not everyone is tech savvy yet foolish people have to try and dissect what I said.

 

 

 

Firstly by picking out the opening phrase and ignoring the fact many of the other issues they mention I did cover in my initial post and also trying to insist I was claiming all kinds of crazy things when my claim was simple:

 

 

 

A firewall that controls who/what accesses your connection blocks out a simple method of ip grabbing.

 

 

 

Nothing wrong with that at all, its a perfectly true statement.

 

 

 

If I had said it was fool proof, or blocked them all, sure take issue. But I didn't.

 

 

 

I even went on to cover forums and links and acknowledge that there was little you could do about most determined attackers.

[Riptide Mage]

You still utterly fail in comprehension.

 

 

 

An unprotected network you can get ANY ip you want off with NO effort.

 

 

 

A protected network you CAN get the ip off but it requires slightly more effort.

 

 

 

Therefore a protected network, via means of a hardware firewall is marginally safer from the 100% base line of ip grabbing.

 

 

 

It's not gonna do a huge amount to save you if a serious DDOS wants you, but the hardware firewall of your router DOES do a little bit to protect you from a very basic level of this type of attack as it means getting you're ip requires slightly more effort.

 

My point is that the LAN ip means NOTHING, an attacker doesn't need to know your computer's 192.168.xxx.xxx ip, that is a LAN ip and is totally worthless as a target. When you connect to a website the site sees your WAN ip, and not your LAN ip, your router uses NAT to determine which user behind the router what packets are intended for. In a DDOS situation the packets are not intended for anyone, they are simply sent to the WAN ip and slow the network from there. All it would take for me to DOS you would be to embed an image in this post that is hosted on my webserver, see what ip address sent the GET request, use netcat from my 100mbit/100mbit dedicated server to send a stream of SYN packets towards your ip and you wouldn't be able to do anything online until I decided to stop since the server is unmetered and all residential ISP cap the downstream bandwidth. Please tell me how a firewall or "getting on a network" has anything to do with that? If I were to do that your router would only be receiving a quarter of the packets I sent (assuming 25mbit cap) and the rest would be lost or queued up at the node your ISP uses to assign your ip, if the queue was particularly long you might even feel the effects of the DOS a while after I stopped.

 

 

 

you dont need to be outside their house to get on their network.

 

 

 

If you have contact with them you can effectively jump onto their network.

 

For this to happen the router has to be set up to allow VPN (virtual private networking) which requires a user naem and password to remotely join the LAN, connecting to an unsecured wireless access point is an entirely different, unrelated, situation.

 

 

 

 

If you can do this you can directly learn thier ip without need of other methods that involve more work.

 

 

It takes 0 work to host a php script that records REMOTE_ADDR or type /WHOIS in an irc chat.

 

 

It still stands perfectly valid the hardware firewall tht controls who/what can access you network act as a line of defence agaisnt 1 of the simple methods of getting your ip in order to launch a DDOS attack or w/e

 

A firewall doesn't magically make the packets disappear, your router/modem are still going to be flooded by an overwhelming amount of data preventing anyone connected to said modem/router from doing anything online. You still don't understand that there is a difference between a LAN and a WAN ip address. There is no need for an attacker to know your computer's LAN address, all he/she needs is your modem/router's WAN address to take down the entire network.