Any way to prevent DOS attacks on a network caused by Xbox Live?

Discussion in 'Networking & Security' started by Mopower, May 9, 2014.

  1. Mopower

    Mopower Gawd

    I work for a small phone company. We have about 800 DSL customers. Last night one of our customers got denial of service attacked due to pissing someone off on Xbox Live.

    This caused our whole network to crash. We have 200Mb/s from our ISP for our customers and it was maxed out because of it. I isolated the destination address on our network and had the ISP make a rule in our router that took all the traffic sent to that IP address and redirected it to nowhere. This fixed the problem.

    So my question is are there any ways to prevent this? Our internet router connected to our ISP is a Cisco 4948E. I read online that Cisco IOS has a few ways to help prevent this? But I am not fluent in Cisco and our router is managed by our ISP so they would be making any changes to the router.

    Any ideas on how to prevent this in the future?
     
  2. mi7chy

    mi7chy 2[H]4U

  3. mwarps

    mwarps [H]ardness Supreme

    If you use BGP, you can null route the /32, too.

    ISPs can also scrub as mentioned above, but it's painfully expensive if the DDoS is long-lasting or large.

    I'd drop your customer like a brick, btw, unless you enjoy pain.
     
  4. Red Squirrel

    Red Squirrel [H]ardForum Junkie

    I work for a larger ISP and it's an issue for us too. We pretty much do the same thing as you, null route the IP. I personally have nothing to do with the process, but I see the alarms come in for it. It's from a program called Peakflow SP. Interestingly, for us too it's usually Xbox Live related.

    Xbox Live is serious business, it seems.
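
The mitigation described in the posts above (find the customer address that is saturating the uplink, then null route its /32), as an added example that is not code from any poster or from Peakflow SP. The flow-record format, the 50% alarm threshold, the function names and the sample addresses (documentation ranges) are constructed assumptions; the 200 Mb/s figure is the one given in the first post.

```python
import ipaddress
from collections import defaultdict

LINK_CAPACITY_BPS = 200_000_000  # uplink size stated in the thread (200 Mb/s)
ALARM_FRACTION = 0.5             # assumption: alarm when one host takes half the link

# Constructed flow summaries for one 60-second window: (src, dst, bytes).
# All addresses are from documentation ranges, not real hosts.
SAMPLE_FLOWS = [
    ("198.51.100.7", "203.0.113.25", 400_000_000),
    ("198.51.100.9", "203.0.113.25", 450_000_000),
    ("192.0.2.44", "203.0.113.25", 380_000_000),
    ("192.0.2.10", "203.0.113.80", 12_000_000),
    ("198.51.100.3", "203.0.113.81", 9_000_000),
]

def find_flood_targets(flows, window_s, customer_net,
                       capacity_bps=LINK_CAPACITY_BPS, fraction=ALARM_FRACTION):
    """Return [(dst_ip, bits_per_second, distinct_sources)] for customer
    addresses whose inbound rate is at or above fraction * capacity."""
    net = ipaddress.ip_network(customer_net)
    byte_count = defaultdict(int)
    sources = defaultdict(set)
    for src, dst, nbytes in flows:
        if ipaddress.ip_address(dst) in net:  # inbound to our customers only
            byte_count[dst] += nbytes
            sources[dst].add(src)
    hits = []
    for dst, total in byte_count.items():
        bps = total * 8 / window_s
        if bps >= capacity_bps * fraction:
            hits.append((dst, bps, len(sources[dst])))
    return sorted(hits, key=lambda h: h[1], reverse=True)

def null_route_line(ip):
    """Cisco IOS static route that discards traffic to a single host (/32).
    IPv4Address raises ValueError on anything that is not a plain IPv4
    address, so unvalidated text never ends up in a router config line."""
    addr = ipaddress.IPv4Address(ip)
    return f"ip route {addr} 255.255.255.255 Null0"

if __name__ == "__main__":
    for dst, bps, nsrc in find_flood_targets(SAMPLE_FLOWS, 60, "203.0.113.0/24"):
        print(f"{dst}: {bps / 1e6:.0f} Mb/s from {nsrc} sources")
        print(null_route_line(dst))
```

A null route keeps the targeted customer offline for as long as it is in place; what it protects is every other subscriber sharing the link.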
     
  5. MrGuvernment

    MrGuvernment [H]ard as it Gets

    200Mb, no, that is nothing in this day and age, you would need outside DDoS protection either from your ISP or Prolexic or Neustar and it isn't cheap.

    Be curious to know how people are getting users' IP address to hit them on.
     
  6. bds1904

    bds1904 Gawd

    Was it a DNS amplification attack? If it's your hardware at the customer's prem then you need to change the settings on the router not to accept requests from the WAN. If it's not the ISP's hardware at the prem then the ISP should disconnect the user until they fix the security problem with their router.
     
  7. PornoSatan

    PornoSatan 2[H]4U

    I don't have an Xbox so this question might seem off, but in order for any of this to be possible, the multiplayer games must be peer to peer then, right? Because if it was client->server there would be no way for people to find someone's IP.