Friend getting packeted by somebody intentionally, can we do anything?

[kukyfrope]

A friend and teammate of mine in an online multiplayer game has become the victim of intentional and malicous packeting by one or more people. His internet is fine until we start our official league matches, within minutes his ping is lagging out and he will time-out of the server. Within minutes of the match concluding, his ping is back to normal. He's very unliked by a few people that would do something like this.

Is there anything he can do to prevent this from happening? Anything on his router? Could his ISP do anything? Maybe change his IP?

 

[skyking]

If it is people he is gaming with, changing the IP will do nothing. they will figure out a way to find out the new IP.
If it is someone who can get a look at one of his emails, the IP is right there too.

 

[Woodie]

The ISP is the most likely to be able to help. Willing? Not sure.
Depending on his firewall(router?), he may be able to improve things somewhat. It's a question of how much he can configure the firewall, and how much he can figure out about the type of DOS attack he's undergoing. The ISP may be willing to assist, since it will affect their network to some extent.

 

[Atheus]

First you want to run a packet sniffer like Ethereal to check if that is in fact the problem. You would be looking for huge increases in incoming SNMP traffic or something like that.

If he really is being targetted the next step is to identify the sources, Ethereal will tell you this. You want to find out if it's multiple sources or a single one. If it is a single (or very few) address the best move would be to contact the admin of the offending machine(s) and tell them they are being used to launch attacks. It might even turn out the source is a home PC belonging to one of the people on the game server, if so, you will be able to get them cut off by calling thier ISP.

If it's coming from many sources then you are likely the victim of a botnet. There's not a whole lot you personally can do about this unless you want to set up some DoS prevention technology... it's possible to mitigate the effects of a medium sized DoS with an advanced firewall system such as cisco or modified Linux systems, but it's a significant effort. In this case You should probably call the ISP.

 

[BSEagle1]

You also might consider contacting your gaming league if you have suspicions of who might be doing it

 

[blemoine]

what i would do is setup a Linux Based firewall like IPCOP or Endian Firewall. you can set the WAN interface to not respond to pings. It also comes with a Intrusion Detection (Snort) System. i beleive you can set snort to run active so that it will block attacks and not just log them. an alternative to this would be to buy a cheap SOHO router that has an Intrusion Prevention System built in.

 

[spidey07]

not much you can do really, except report it as abuse from the sending IP addresses and have your buddy report it to his ISP.

otherwise there is literally nothing in the world you can do to stop the inbound packets. no firewall or anything can stop this.

Running ethereal to capture what is going on and identifying the sources is a good idea.