Sonic.net

Hi all! Long-time customer of Sonic since 2002 (you guys rock!) We've had a couple falling-outs (more on my behalf than Sonic's). In 2005, left for Comcast with promises of a faster connection for a year then returned in 2006. Again left in 2011 for a year and I'm on my way back after being completely encumbered by Syn Flood attacks.

My question is, on a dynamic IP account, how could Sonic protect and assist me with a Syn Ack Flood attack?

No, I wouldn't think so. If you are doing things which are causing others to attack you on an ongoing basis, and if they are going to follow you wherever you go because you continue to do whatever is instigating the attack, it is unlikely any ISP can really protect you from that.

I'm very open to suggestions on how to stop provoking these assailant... My son plays his xbox shoot-em-up games and my daughter and I play wii bowling on occasion. I don't think we're associating with persons whom would know or care to do this to anyone. I've just had a long bout with Comcast trying to assist me with this issue and they are absolutely helpless. Meanwhile I have been rendered incapable of working or surfing from home for the past week.

Sometimes we see XBox players attacked to push them out of games or to reduce their ability to react quickly in the game. Have you asked your son if he has seen any in-game conflicts?

dane wrote:No, I wouldn't think so.

Wouldn't firewalls that have syn-flood countermeasures work or are they overrated and prone to false positives?

Where would I be able to purchase a router that can perform this function? I'm at a loss at this moment and in dire need of assistance...

logankl wrote:Where would I be able to purchase a router that can perform this function? I'm at a loss at this moment and in dire need of assistance...

Cisco ASAs and Juniper SSG devices among others have this capability.

Normally if you get lots of SYN flooding you should be able to call up your ISP (in this case Sonic) and ask them to null route the offending subnets and see if they go away after a while. When you use your own firewall it offloads the processing to your end.

Enterprise-grade firewalls like the ASAs and SSGs do this but a free firewall package like pfSense will also do this. If you get 3rd-party firmware for popular consumer routers or build your own, obviously you need to spend time to build as well as learn their new behavior.

Ending week 2 of this continually happening and I am unable to connect to the Internet for more than 30 minute at a time. My son admitted to taunting some children whom were boasting the ability to render his Internet useless. I suppose they weren't boasting and now I am paying the price for his nievity.

What can I do? This is bordering on the point of absurdity.

I am now trying to choose between a Cisco ASA 5505 and a ZyXEL USG50 firewall and willing to pay the few hundred for the peace of mind but I am wondering if 10,000 concurrent sessions is robust enough of a defense?

Thank you again for all your responses and assistance, you've been invaluable!!

logankl wrote:Ending week 2 of this continually happening and I am unable to connect to the Internet for more than 30 minute at a time. My son admitted to taunting some children whom were boasting the ability to render his Internet useless. I suppose they weren't boasting and now I am paying the price for his nievity.

What can I do? This is bordering on the point of absurdity.

Have your son get a new gamertag, and sign him up for parental controls to limit his time and who he can talk to.

logankl wrote:I am now trying to choose between a Cisco ASA 5505 and a ZyXEL USG50 firewall and willing to pay the few hundred for the peace of mind but I am wondering if 10,000 concurrent sessions is robust enough of a defense?

Thank you again for all your responses and assistance, you've been invaluable!!

Honestly, I'm not sure that those devices are really going to help, assuming you're not hosting anything on your connection, any firewall that can just drop the incoming SYNs is going to be the best you can do. More likely than not, the fine people your son has taunted have more bandwidth than you, so filtering the traffic after it has gotten to you isn't going to help much. (Although, if your system is sending RST or SYN+ACK in response to the incoming SYN, that may be filling up your upstream; but just use something that drops the packets)

I purchased the ZyXEL USG 50 after speaking with many people. The fine support at that company told me this should do the trick as well and remotes into my system to configure it properly for Syn flooding defense. Hopefully I won't be bothered by my sons gaming habits again anytime soon.