Slow internet speeds?? You might be a victim of a DDOS from other Xbox live players.
I have Verizon Fios at my home. I recently upgraded to the 50/25 plan. The speed difference is remarkable.
HOWEVER, for the past week or so, I noticed a serious slowdown. I started looking at www.speedtest.net and speedtest.verizon.net. I was averaging speeds of 10/25. NOTE – the problem I am describing here is not specific to Verizon Fios. You can be a victim of the type of attack listed here regardless of the IP you are using. The attack is known as a DDOS (Distributed Denial of Service). Hacked computers are networked together in what is known as a ‘botnet’.
I called Verizon several times and the reset the ONT at their end. In most cases, the speed came back up. I am on a dynamic IP and had not taken note of the IPs before and after. My guess is that I had been assigned a new IP.
It happened again and Verizon scheduled a tech to come out. He did some testing and ran an ethernet cable from the ONT to the verizon router. Speeds were back up.
A day or so later, I noticed slow speeds. When working with FIOS support, I plugged my netbook right into the ethernet port on the ONT. I was still only getting 10/25. That ruled out problems with my verizon router or home ethernet wiring.
I started to think and did some research. My son plays Xbox Live. It appears that there is a huge market in the Xbox community for what is known as ‘host booting’. An xbox gamer pays a botnet to attack someone’s ip. (Perhaps twenty bucks or so). The botnet then floods the public IP of your FIOS connection.
Shutting down the Xbox will not stop the attack as it seems to be directed at the public IP of the FIOS connection (Or any other connection such as Comcast, Roadrunner etc).
What led me to this conclusion was :
- Host booting is a known issue with Xbox. Their ‘support’ says to reboot your router. However, that does not always give you a new public IP
- I was testing the speeds and everything was fine until my son started playing. It seems that there is some automated system that looks for his xbox ID and then starts a DDOS attack on our public IP.
- The upload speeds remained constant. (Actually around 30+ MBS) It was only the download speeds that were affected.
- It seems that there is a time limit on the attack once you go offline. After about 2 hours of having the xbox shut down, speeds came back up. When speeds came back up to 50/25, my son restarted the Xbox. HOWEVER, he set his status to “Appear offline”. This time, the speeds remained at 50/25
- Test it at Speedtest.net. If you test from the same machine, there is a log of previous speeds.
- Have the Xbox user logon and start playing. Keep testing every 10 minutes or so with Speedtest.net or other speed checker and see if the download speed drops. If so, then you are probably a victim of a Xbox related DDOS.
- Call your ISP and try to get a new IP AFTER setting the xbox to “Appear Offline”.
- If the speed remains at your normal levels, then you are probably a victim of an Xbox related DDOS.
- Computers with vulnerabilities are hijacked by botnet providers. Vulnerabilities include not having the latest security patches, not running current antiviruses, running vulnerable programs etc.
- The botnet providers offer a kind of ‘hitman’ service. IOW, for a fee, they will attack anyone you want.
- Some of the games on xbox offer tournaments with tens of thousands of dollars in prize money. This is motivation enough for some people. Other people simply want revenge against the player who killed them in a game. Either way, the going rate for DDOS attack is something like twenty dollars.
- Xbox’s DDOS ‘help’ page http://support.xbox.com/en-US/xbox-live/connecting/dos-attacks-faq
- http://blog.spywareguide.com/2009/02/hackers-use-diy-botnets-to-ddo.html This is some more information on botnet attacks on gamers.
UPDATE 5/7/13 – I found a good tutorial here on how to defend against DDOS attacks. A VPN looks like a possible solution but the game referenced in the article appears to be a PC game, not an XBox game. This problem will grow until the ISPs put tools and procedures in place to protect their users against these DDOS attacks. Perhaps a few highly publicized cases of some punk being sentenced to five years of “Don’t pick up the soap if you drop it” would help.
- Verizon FIOS – A wireless SSID mystery solved – Two SSIDs showing
- Another dying Actiontec Router from Verizon Fios
- GREAT NEWS- Botnet operators arrested…!!!!
- GoDaddy hacked. Sites offline
- FBI claims 1 million infected computers id’d in operation Bot Roast
- Comcast issues Jersey Shore July 2015 UPDATE
- SprintPCS broadband at the Homestead in Hot Spings, Va
- SOLVED – WPS Hide Admin not working after deploying HTTPS in WordPress