My brother in law's internet cafe shop in bangkok (fairly big gaming hub cafe) is getting weird disconnects lately. In short - i managed to find out that another store sent some "spy" to gather the ip from our machines.

the one would login through steam and steam would automaticly send an email to the account owner (i.e the attacker) with the updated ip

shortly after his store received disconnects but got another new ip rather quickly from the load balancing system. nothing bad but for those that play MMO its REALLY bad to get disconnects.

so technicly we have some sort of evidence. i wanted to ask if thailand has a law against ddos attacks because i see none. by law the "spy" didnt stole any data or did anything against law thanks to this stupid steam ip update notification email.

help would be appreciated

p.s: i wouldnt waste my time either explaining a police what ddos is and would go to a lawyer directly IF ddos is already a law in thailand

Since when has law mattered in Thailand?

The Internet cafe should sign up for a commercial DDoS mitigation service from their ISP or from an MSSP.

Of course, they won't.

Gamer-on-gamer disputes are one of the top motivations for DDoS attacks.

Eventually, your brother-in-law will figure out that his shop is being DDoSed because of inter-gamer rivalries between your crowd and the other crowd, and he'll kick you out. Problem solved!

btw, who the heck uses Internet cafes, in this day and age? Bit 1997, you know?

btw, who the heck uses Internet cafes, in this day and age? Bit 1997, you know?

Have you ever walked down a Thai street? There are internet cafes literally everywhere, catering mostly to kids playing online games.

Since when has law mattered in Thailand?

The Internet cafe should sign up for a commercial DDoS mitigation service from their ISP or from an MSSP.

Of course, they won't.

Gamer-on-gamer disputes are one of the top motivations for DDoS attacks.

Eventually, your brother-in-law will figure out that his shop is being DDoSed because of inter-gamer rivalries between your crowd and the other crowd, and he'll kick you out. Problem solved!

btw, who the heck uses Internet cafes, in this day and age? Bit 1997, you know?

you are funny, you really expect a thai ISP to know how to mitigate ddos attack even tho we called and they were clueless

and internet cafes are very popular amongst students

Google​ 'DDOS protection.' it can cost a bit of money.

Google​ 'DDOS protection.' it can cost a bit of money.

thanks for the suggestion but i rather want to know if ddos is a cybercrime yet in thailand also oversea ddos protection would be silly because it would add alot of latency

try to find patterns in your query load statistics dump file, if using BIND loo for `rndc stats`.

if your problem reside in the DNS then your best bet is to deploy `Anycast`

if your problem reside i the lan only try to detect abrupt bursts of traffic, again look for patterns, it is your best bet.

in last case, if you know the guy doing this, then kick him or her in the ass.

good luck.

Perhaps get a mini intel atom computer with 2 ethernet ports to deploy pfsense or similar firewall to protect against ddos. However, configuring a firewall is not easy. It gets harder when you need to manually open ports for each game you have in your library.

Perhaps get a fiber internet, not adsl or vdsl.

If you block wan port ICMP and ping requests in your router/modem, perhaps it can work too. Simple but elegant.

btw, who the heck uses Internet cafes, in this day and age? Bit 1997, you know?

Have you ever walked down a Thai street? There are internet cafes literally everywhere, catering mostly to kids playing online games.

Disambiguated is right, as I do not see many as I did 5 yrs ago, due to smart phones and tablets. Even wifi technology is improving, since WiFi3 will soon make an entrance in Asia, which will enable much heavier use with better connectivity.

Which entity is providing the IP addresses to the computers in the Internet Cafe (IC)? The ISP, or is it done internally (using a router)?

If the IC has a router, then I would assume that the ISP provided the cafe with a single IP address, and that the router would then service (i.e. provide) each computer with an internal IP address within a local subnet.

I've heard for network disconnects, but never a 'weird' one. It would be nice if the OP would elaborate at to what is weird? Is the IP address supplied by the ISP changing? Does the IC have a fixed IP address, or are they using a less costly service that only offers DHCP?

Lastly, what level of computer security is enforced at the IC? Can anyone off the street load their malware and viruses onto the IC computers using a thumb drive?

Too many damn questions, if you ask me. Perhaps the OP and/or his BIL have no business running an IC.

Thanks for the replies guys

our connection has a dynamic ip package and we use a mikrotik loadbalancer router (3 internet lines, 1 for games and 2 for heavy streaming like youtube) they dont seem to care about streaming lines but more for the gaming one.

i did a dstat back then and it topped our capacity and the ISP limit so i doubt the kind of hardware we have could keep up with the attack incoming

i believe he is using a booter (from those stress testing forums) which cost like 5-10$ monthly

but i collected enough evidence and got the name of the spy (with proof that she always logs out and logs in at steam and shortly after we disconnect) and my brother in law will confront the attacker soon at his home to discuss things

I dont run the IC i just try to help my brother in law, he has several ones so he takes it very seriously (only this one has this issue)

and no you cant infect the computers because it pulls a fresh image from the server after every restart. so stuff that happens on the pc is temporarely and all reset after a restart (i.e client pc has no disk but pulls image from the linux server)