3

There did not seem to be any SO community dedicated to computer security, so I'll ask here...


As the title implies, my home IP (supposedly) was involved in a DDoS attack.

I got a phone call from a computer technician involved in a website, who said his servers had been attacked, and that my home IP was in the logs.

I had never heard of that website before, and the guy seemed sincere. He said there had been several DDoS attacks, and he gave me a call to try and sort things out. He also complained to the company hosting his servers. He said the hosting company gave him my phone number, as there is a landline phone associated with the box.


Anyway, I don't know the first thing about IP addresses and DDoS attacks. So I'll ask you:

  • can an attacker use/fake my IP address to commit a DDoS attack?
  • does it have to be someone in my neighborhood, connected to my wifi network, or can an attacker use my IP address remotely?
  • can a computer virus be responsible and attack indiscriminately?
  • can Mac computers have such a virus?
  • what should I do, if such a thing really did happen?

Thank you...

Manube
  • 1
    http://security.stackexchange.com – armani Apr 03 '15 at 21:25
  • thank you, will try it... should I delete it from here? – Manube Apr 03 '15 at 21:25
  • No, it'll be flagged and moved by moderators. Definitely do not crosspost. – R-D Apr 03 '15 at 21:26
  • ok then, thank you! Is it the way it works on superUser, or can moderators move questions around from any community? – Manube Apr 03 '15 at 21:29
  • For the record, I wasn't saying you should MOVE your question to that SE community, just confirming that a SE community for computer security does exist. – armani Apr 03 '15 at 21:30
  • ok, thanks. And I already got an answer. Oh, but it's you :) – Manube Apr 03 '15 at 21:31
  • Yeah, that was me :) – armani Apr 03 '15 at 21:31
  • 4
    I don't see that this is particularly off topic here. I'd be more worried about the guy phoning being a social engineering attack to get access to your computer. He didn't get you to visit any very specific sites or install any software by any chance? – Mokubai Apr 03 '15 at 21:37
  • Or did he just lose interest once you mentioned you had a Mac? – Mokubai Apr 03 '15 at 21:40
  • no, nothing like that. He gave me his name, website and mobile phone number. He seemed just annoyed at having his servers crashed. – Manube Apr 03 '15 at 21:42
  • 2
    I don't believe he could get your number like that, and if he did in the US at least your ISP could be in serious trouble... – Austin T French Apr 03 '15 at 21:48
  • right, I will call my ISP and look into it... – Manube Apr 03 '15 at 21:57
  • 1
    I agree with @Mokubai. This seems more like a scam. Normally people can't get your contact details just by IP address. They can find your ISP but your ISP should not hand out your contact details but instead contact you directly. Also, on what date were you contacted? It is closely past April Fools' Day. This could be an elaborate prank as well. – LPChip Apr 03 '15 at 22:23

1 Answer

3

Yes, an attacker can both use and fake your IP to commit a DDoS. Crafting packets with a spoofed source IP is all too easy to do. To actually use your IP, there are several reasons - you could have a device on your network that is compromised (virus or otherwise), yes a Mac can get a virus like that, or even your Internet-facing router could be compromised. Basically, all of the fears you listed are possible.

As for what to do? I would start with reviewing your router logs and place a packet sniffer between your router and ISP equipment. If you see strange stuff originating from inside your network (especially look for stuff destined for that guy's servers), you can assess each device individually if feasible, with malware scanners and such.

armani
  • right, thank you. I will try that Avast for mac thing, contact my ISP. It's actually just one box with a fixed IP, where everything is centralised: wifi, television, telephone... should I set it to dynamic IP? – Manube Apr 03 '15 at 21:38
  • You don't set whether your ISP connection is static or dynamic; your ISP does. If you were to obtain a new IP from your ISP, the only situation that would fix is if the attacker isn't even touching your network but only spoofing your IP... all other scenarios, this wouldn't make a difference. – armani Apr 03 '15 at 21:47
  • 2
    Good answer. Maybe you can add a remark that it's strange that he is called. DDoS attacks often come from a lot of computers. First of all: *how* did he get the phone number and second: *why* call everyone instead of sending an email. It all sounds too fishy. – agtoever Apr 04 '15 at 06:30
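
One way to carry out the check suggested in the answer above (look for traffic from inside your network destined for the reported servers), as an added example that is not part of the original answer. It assumes the capture was saved as text from `tcpdump -nn -tt` on the LAN side of the router, so individual devices are visible before NAT; the LAN range, the placeholder server address 203.0.113.10 and the packet threshold are all assumptions.

```python
import ipaddress
import re

# Constructed sample in the text format of `tcpdump -nn -tt`.
# 203.0.113.10 (documentation range) stands in for the reported server.
SAMPLE = """\
1428096001.000000 IP 192.168.1.23.51514 > 203.0.113.10.80: Flags [S], seq 1, win 65535, length 0
1428096001.100000 IP 192.168.1.23.51515 > 203.0.113.10.80: Flags [S], seq 2, win 65535, length 0
1428096001.200000 IP 192.168.1.10.40022 > 198.51.100.7.443: Flags [P.], seq 1:90, ack 1, length 89
1428096001.300000 IP 192.168.1.23.51516 > 203.0.113.10.80: Flags [S], seq 3, win 65535, length 0
1428096001.400000 ARP, Request who-has 192.168.1.1 tell 192.168.1.10, length 28
1428096001.500000 IP 192.168.1.23.51517 > 203.0.113.10.80: Flags [S], seq 4, win 65535, length 0
1428096002.000000 IP 192.168.1.10.40023 > 203.0.113.10.80: Flags [S], seq 9, win 65535, length 0
"""

# timestamp, "IP", source address (optional .port), ">", destination (optional .port)
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>\d+(?:\.\d+){3})(?:\.\d+)? > "
    r"(?P<dst>\d+(?:\.\d+){3})(?:\.\d+)?:"
)

def traffic_to_target(capture_text, lan_cidr, target_ip):
    """Per LAN host: packet count and first/last timestamp of traffic to target_ip."""
    lan = ipaddress.ip_network(lan_cidr)
    target = ipaddress.ip_address(target_ip)
    stats = {}
    for line in capture_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # ARP, IPv6 and other non-IPv4 lines are ignored
        src = ipaddress.ip_address(m["src"])
        if ipaddress.ip_address(m["dst"]) != target or src not in lan:
            continue
        ts = float(m["ts"])
        entry = stats.setdefault(str(src), {"packets": 0, "first": ts, "last": ts})
        entry["packets"] += 1
        entry["last"] = ts
    return stats

def suspicious_hosts(stats, min_packets=3):
    """Hosts that sent at least min_packets to the target (threshold is arbitrary)."""
    return sorted(h for h, s in stats.items() if s["packets"] >= min_packets)

if __name__ == "__main__":
    stats = traffic_to_target(SAMPLE, "192.168.1.0/24", "203.0.113.10")
    for host, s in stats.items():
        print(host, s["packets"], "packets in", round(s["last"] - s["first"], 3), "s")
    print("scan these devices first:", suspicious_hosts(stats))
```

A device that shows up here is the one to scan for malware first; an empty result over a long capture is consistent with the spoofing scenario, where nothing on your network sent the traffic.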