This guide is in no way a guide to help you attack online users with these methods but how to protect yourself from them! Please note that in many countries these actions are Illegal and you can be prosecuted by doing them!
What makes me qualified to make this guide? well, I used to be on both ends of these attacks from shutting websites and networks down to having no internet for days on end and threats everyday on personal information.
First of all what are these attacks?
DDoS: These attacks are packet attacks on your home and server networks by sending receiving packets across a network to your home or server network. This process is called "Distributed Denial of Service". This process works by sending "packets" to your network via a "botnet". These sent packets have only one purpose which is to fill your network with as much useless information as it can handle, which in turn slows your network down and can even disable it if the load is too much.
These can be done by purchasing "stressers" online which only send small amount of information up to around 500mbs - 1gbs depending on how much you pay. These usually only slow networks down and wont disable a network unless the said network is on the low end.
Private botnets are used by major hackers and are usually made from hacked computers or can be bought for thousands of dollars. These programs can be seen used by infamous groups such as: Lizard Squad and Anonymous. They usually are composed of thousands of unknown computers and can produce attacks up to 100gbs-1000+gbs.
How do you tell if you're under a DDoS attack? well a simple method is following packet loss percentages. An easy way to do this is with teamspeak if you have it. Right click on your name and click "Client Connection Info" this will tell you some information about your connection to the server. You want to look at the bottom grid where it says packet loss
and focus on the in percentage. If you lose to many packets this usually means you are under a DDos attack. Everyone will give packet loss at some percentage it is fine dont worry about it. If you get a bad connection that can even go up to 50-60% then your internet will usually disconnect, that is not an attack that is usually the connection on your end (reset your router and you should be okay). But if you see the packet loss go up to 70% and higher and you're still connected it usually means you're under attack. if you do not disconnect after around 5 minutes they are more than likely using a free online stresser or a very poor one still take precautions below.
DoS: This attack is pretty much the same as above but much less lethal to a network. This is called a Denial of Service attack and is produced by 1 computer rather than a network. It works in the exact same way as above by sending packets to a network in order to slow the network traffic down. One of the easiest ways you can do this is to "ping" using command prompt, this is a perfectly safe and easy thing you can try to get a better understanding.
If you're on windows open command prompt by searching CMD in the search bar, right click and open as administrator. once open type in this string: "ping www.google.com" and it will send 4 packets with 32 bytes of data (completely harmless to google and this isn't illegal)
A DoS attack uses this method but will ping a network with 10,000s to 100,000s of pings a second. Exactly what a botnet does but with many more computers.
DoX: This is a term used by hackers to mean gaining information on a person. This seems harmless but is anything but that! They work by scanning through public information and records that may be on you and social media sites. It is relatively easy to do but something that should not be taken lightly!
A Doxxer can learn everything from who you are, what school you attend(ed) to the exact location of you and your family members, friends or anyone you know! this includes addresses, phone numbers, NI numbers, Social Security numbers and everything inbetween.
You can probably already tell this is a lot worse than what you first thought.
How do Doxxers get the information? it is actually really easy. Most people who are connected online these days have at least 1 social media account whether that is facebook, twitter or even instagram. The next step for them is public records, these are records that are kept on you that can be accessed by any member of the public whether it is arrest records to birth records. though note that most records that do contain sensitive information about you are kept under a privacy protection act your government will have in place, making it illegal to give out this information.
The next thing a Doxxer will take on is social engineering. This is the process of talking on a online chat, face to face or over the phone. The easiest to manipulate is a ISP (internet service provide) as it requires little proof to identify who you are and you can obtain information such as address' and phone numbers the person registered to that ip is currently using.
Doxxers use this information in varying ways where it is to send 100s of unpaid for pizzas to your house a day or to send your local police a unanimous tip that there is such things as terrorist activity in your house to then allow armed police (swat) to give you a visit.
Now this must sound very scary but in fact most of you have very little to worry about. Online gaming comes with the risk of DDoS attacks but appart from that unless you bother a "black hat hacker" you will more than likely be okay. But how do you protect yourself from these attacks? Well it is fairly easy to protect yourself and defend against most of these
DDoS: This is a relatively easy process to prevent. The only way this attack can occur is if the attacker has your network's IP address. The most simple point is make an effort to ensure your IP is unknown to other people. But how do they gain your IP address? Well simple ones are going to sketchy website, joining strange servers and even teamspeak. Public teamspeak servers are usually always set to private IPs so your IP is hidden from others but if you are asked to join someone's Private teamspeak server then do it with caution as your IP will not be hidden to them!
But what can you do if you need to join a private teamspeak server or are doing something you think may give away your IP? Well you can mask your IP with a fake one really easy and free by using a VPN, one of the best is "HotSpot Shield" and it offers free service to mask your ip as if you were a computer from somewhere else in the world. You can also buy VPNs for better protection but for the most part is unneeded. Do take note though that a VPN should not be used all the time as it will slow down your internet speed.
What can you do if someone has your IP and you're being DDoSed? Well one of the easiest ways is to unplug your router for 30 seconds to a minute and that should reset your IP if you have a Dynamic IP (most house networks do) if you do not and your IP address does not change then you would need to call up your internet service provider and ask for it to be changed.
For a server network this won't really work and the best way to protect against it is to invest into DDoS protection from a third party. This service provides a system that will act as a barrier for your network traffic. Essentially it will let in all the traffic that you wish to receive and the packets you're sent to slow your traffic will be received by the third party up to the amount you pay for.
DoS: To protect yourself from this attack all you need to do is read the steps above.
DoX: This is a much harder attack to prevent and cannot easily be stopped once it is done! But how do you prevent and stop it? Well the easiest way to prevent it is to ensure that all your social media accounts have the correct security settings so only who you choose can see your information. The next is ensure everything you can has a 2 step verification process on so that a hacker cannot easily gain entry to your accounts and then look at information.
The biggest one is to ensure that you do not give out your real name to anyone and everyone (first name is okay but not really full name) and do not give the location. There might be 1 10 thousand people in the world with the same name as you but if i told someone my name is james byat and i live in manhattan NY (none of this is true) to which there may only be 3 people there with the same name, making it much easier to find me.
Do not give out your IP address once again as you can use geolocators to locate that IP. The biggest thing a hacker can use against you is your IP, protect it!
There are some points you CANNOT protect against such as public information and most social engineering tactics but without good information they cannot use these anyway.
What if you have already been doxed or want to know if you have? Well if you want to know then do a quick google search for your address, names etc... if nothing strange pops up you're probably okay. The site that people usually always post DoXs on is called pastebin (http://pastebin.com/) this is a site where users can dump mass amounts of texts for the world to see, perfect to release someone's information. If you sign up for an account you can set up a process that will message you if any keywords you have selected (ie your address etc..) are posted. Put in keywords that will not be posted all the time such as your address, account usernames you normally use.
DDoS: Distributed Denial of Service
DoS: Denial of Service
VPN: Virtual Protection Network
BotNet: Series of computer networks remotely controlled with their owners usual unknowing
DoX: The gathering of personal information
Stresser: A online website providing the service to send packet traffic to a network for a price
Packet: Small amount of data (usually only a few 10s of bytes) of information in network traffic
Hope some of you find this guide useful and I do hope you will never need it but it is here if and when you do. If you have anymore questions about it or want to know more feel free to PM me or just google, all information is out there. you just have to look.