Thoughts, information and reflections about technology

Slow internet speeds?? You might be a victim of a DDOS from other Xbox live players.

I have Verizon Fios at my home. I recently upgraded to the 50/25 plan. The speed difference is remarkable.

HOWEVER, for the past week or so, I noticed a serious slowdown. I started looking at www.speedtest.net and speedtest.verizon.net.  I was averaging speeds of 10/25. NOTE – the problem I am describing here is not specific to Verizon Fios. You can be a victim of the type of attack listed here regardless of the IP you are using.  The attack is known as a DDOS (Distributed Denial of Service). Hacked computers are networked together in what is known as a ‘botnet’.

I called Verizon several times and the reset the ONT at their end. In most cases, the speed came back up. I am on a dynamic IP and had not taken note of the IPs before and after. My guess is that I had been assigned a new IP.

It happened again and Verizon scheduled a tech to come out. He did some testing and ran an ethernet cable from the ONT to the verizon router. Speeds were back up.

A day or so later,  I noticed slow speeds. When working with FIOS support, I plugged my netbook right into the ethernet port on the ONT. I was still only getting 10/25. That ruled out problems with my verizon router or home ethernet wiring.

I started to think and did some research. My son plays Xbox Live.  It appears that there is a huge market in the Xbox community for what is known as ‘host booting’. An xbox gamer pays a botnet to attack someone’s ip. (Perhaps twenty bucks or so).  The botnet then floods the public IP of your FIOS connection.

Shutting down the Xbox will not stop the attack as it seems to be directed at the public IP of the FIOS connection (Or any other connection such as Comcast, Roadrunner etc).

What led me to this conclusion was :

 

  • Host booting is a known issue with Xbox. Their ‘support’ says to reboot your router. However, that does not always give you a new public IP
  • I was testing the speeds and everything was fine until my son started playing. It seems that there is some automated system that looks for his xbox ID and then starts a DDOS attack on our public IP.
  • The upload speeds remained constant. (Actually around 30+ MBS) It was only the download speeds that were affected.
  • It seems that there is a time limit on the attack once you go offline. After about 2 hours of having the xbox shut down, speeds came back up. When speeds came back up to 50/25, my son restarted the Xbox. HOWEVER, he set his status to “Appear offline”. This time, the speeds remained at 50/25
If it appears that your internet connection is slow:
  • Test it at Speedtest.net. If you test from the same machine, there is a log of previous speeds.
  • Have the Xbox user logon and start playing. Keep testing every 10 minutes or so with Speedtest.net or other speed checker and see if the download speed drops. If so, then you are probably a victim of a Xbox related DDOS.
  • Call your ISP and try to get a new IP AFTER setting the xbox to “Appear Offline”.
  • If the speed remains at your normal levels, then you are probably a victim of an Xbox related DDOS.
Unfortunately, xbox seems to not be very proactive in solving this. Realistically there isn’t much they can do since the attacks are launched outside the Xbox system.
SUMMARY – Here is what happens.
  1. Computers with vulnerabilities are hijacked by botnet providers. Vulnerabilities include not having the latest security patches, not running current antiviruses, running vulnerable programs etc.
  2. The botnet providers offer a kind of ‘hitman’ service. IOW, for a fee, they will attack anyone you want.
  3. Some of the games on xbox offer tournaments with tens of thousands of dollars in prize money. This is motivation enough for some people. Other people simply want revenge against the player who killed them in a game. Either way, the going rate for DDOS attack is something like twenty dollars.
Unfortunately there are too many idiots who own computers and don’t have them locked down to prevent their being used in a botnet.  This fiasco has cost me over ten hours of what would otherwise be productive time.
I could put a packet sniffer on my network. However, I’m not sure I can see the packets coming into the public side of our internet connection. Even if I could, all I would get would be the IPs of the many individual hacked computers making up the botnet. That would not necessarily lead me to the botnet owner or the gamer who paid for the attack. All it would do would be to prove that there was a DDOS against my IP.
Another possibility would be to do the gaming through a proxy. In other words, the XBOX would connect to a proxy server. Any botnet attacks would be against the proxy. However, I would assume that the proxy provider would eventually ban us from using their services.

UPDATE 5/7/13 – I found a good tutorial here on how to defend against DDOS attacks. A VPN looks like a possible solution but the game referenced in the article appears to be a PC game, not an XBox game. This problem will grow until the ISPs put tools and procedures in place to protect their users against these DDOS attacks. Perhaps a few highly publicized cases of some punk being sentenced to five years of “Don’t pick up the soap if you drop it” would help.

Similar Posts:

One Response to Slow internet speeds?? You might be a victim of a DDOS from other Xbox live players.

Leave a Reply

Your email address will not be published. Required fields are marked *

Contact me
Archives
Categories
Amazon Disclosure

We are a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for us to earn fees by linking to Amazon.com and affiliated sites.