Destiny's DDoS protection guide

Our article "Understanding DDoS attacks" was posted earlier this month and raised awareness of DDoS attacks quite a bit, as well as sharing some tips on how to prevent them.

After reading the article, one of the developers of Netduma - who are developing a router for gamers - also started considering adding a CS:GO VPN exception to their product.

We reached out to Steven "Destiny" Bonnell II, a well known streamer, who has created a much more in-depth DDoS prevention guide. He gave us permission to post it.

All of the text below is written by Bonnell II, who has only given us permission to post it here in order to help others avoid the DDoS attacks that have become a daily issue in our scene.

The Walkthrough

If you came here straight from the first page just looking to a guide to mindlessly follow, this will get the job done. However, I highly encourage you to read the explanations given in the pages prior to this so that you have a thorough understanding of what you’re going to be doing with the programs you’ll be working with.

This page was last updated on June 12th, 2013. I will try to keep it updated in case any of the information changes. If anything in here doesn’t line up correctly, e-mail me and I will patch it up.

Downloading PuTTY

First, let’s get the program we’ll use for our SSH tunneling, PuTTY, and the program we’ll use for our Amazon key, PuTTYgen. 

PuTTY and PuTTYgen

Setting up EC2 on Amazon

Next, we’ll need to create an AWS (Amazon Web Services) account. You can click the “sign up now” button here - http://aws.amazon.com/ec2/. If you don’t already have an Amazon account, you’ll need to create one of those as well. The micro-instance we’ll be utilizing via Amazon’s EC2 service is free for one year.

After that, we’ll need to sign up for Amazon’s EC2 service and get a micro-instance running.

1. You can return to the same link earlier and click the “My Account/Console” drop down menu in the top right, then click “AWS Management Console”.
2. Next click “EC2″ under the “Compute and Networking” list
3. You should see an option that will allow you to “Launch” an instance. Click that.
4. Select the “Classic Wizard” option and click next.
5. Scroll down to whatever the latest Ubunutu server is with a star next to it, and press the “select” button next to it. You can leave the 64 bit version selected.
6. As long as everything looks like this on the next page, you can continue.
7. Press “continue” on the next page.
8. Then press “continue” one more time.
9. The next page asks you to assign a key/value name to the micro-instance you are running. This is entirely arbitrary and will not be used at any point here, so you can name these whatever you want, or simply leave it blank.
10. For the next page, you’re requested to create a name for your key pair. This will be used later on to log into the micro-instance. After you assign another arbitrary name, you can download this key pair.
11. On the next security page you need to select the “quick-start” bubble, then click “continue”.
12. Finally you can “launch” your instance!

Creating a keyfile and setting up PuTTY

Remember where you saved that keyfile that you downloaded earlier? Now we’re going to turn that keyfile into something usable with PuTTY.

1. Open “puttygen.exe”.
2. Click “load” and search for the key you saved from Amazon. You will have to select “all files” in the bottom right as the file you’re looking for is a .pem file, and not a .ppk file.
3. Click “save private key” and save it somewhere you’ll remember for later on.

Now it’s time to configure the program that we downloaded earlier, PuTTY.

1. When you first open up PuTTY, there will be two empty boxes for information. “Host Name (or IP address)” and “Port”. In the “Host Name” box, you need to enter your EC2 information from Amazon. Go to https://console.aws.amazon.com/ec2 and click “1 Running Instance” to bring up a list containing the instance you launched earlier. Select it. At the bottom of the screen you will see your Amazon EC2 IP (it will look something like this). Enter this into the PuTTY Host Name box. For “Port” you can enter “22″.
2. Make sure the connection type is set to SSH.
3. On the left side of the PuTTY window, scroll down and expand “Connection”, then select “Data”.
4. Here you want to enter your “Auto-login username” as “ubuntu”.
5. Now expand “SSH”, then select the “Auth” option.
6. In the empty box here you need to search for and enter the location of the keyfile you saved earlier using puttygen.
7. Now select “Tunnels”. On this screen you want to enter 8080 in the “Source port” box, and make sure you’ve selected the “Dynamic” bubble beneath. Now press “Add” and “D8080″ should appear in the box above.
8. Now scroll all the way back up to “Session” on the left side, enter whatever you want in the “Saved Sessions” box, then press the “Save” button on the right to save these settings. Now when you open PuTTY, all you’ll have to do is press “Load” and “Open” to recall these settings and open your SSH tunnel.

Use Windows 7 Firewall to block Skype

1. Search for “Advanced” on Windows 7 and “Windows Firewall with Advanced Security” should come up.
2. Select “Outbound Rules” from the left column
3. In the top left, select the “Action” menu and click on “New Rule…”
4. A box will appear on your screen. Select “Program” and click the next button.
5. Browse your computer for Skype to block, then press “Next”.
6. Press “Next” one more time, all three boxes should be marked on this screen.
7. You can create whatever name you want here; I called my rule “SkypeBlock”.

Now Windows 7 will not allow Skype to make any outbound connections! To test and make sure that this worked, try to open up Skype right now. If you were successful, Skype should fail to connect to the internet.

Force Skype to route through localhost

1. On the Skype login windows, click “Tools”, then press the “Connection options” button.
2. Under this connection tab, you need to make sure “SOCKS5″ is selected in the drop down menu. Now you need to enter “127.0.0.1″ for the “Host” box and “8080″ for the “Port” box.

And that’s it, you’re done!

Now any time you want to log onto Skype behind your Amazon proxy, all you have to do is open PuTTY, load your settings, then connect to your EC2 instance (via the “Open” button) and you should be good to go!

The article was originally posted here, on Bonnell's blog. You should also read the first pages of his article, which explain DDoS attacks, and why his way of protection is superior to others.