Recently this website's been the target of malicious DDoS attacks.
But after accidentally leaking my home IP address in some network benchmarking clips in a recent YouTube video, the same attacker (I assume) decided to point the DDoS cannon at my home IP.
I have things relatively locked down here—more on homelab security coming soon!—but a DDoS isn't something most residential ISPs take too kindly. So it was time for me to recycle my home IP. Lucky for me, I don't pay for a static IP address. That makes home hosting more annoying sometimes, since I have to deal with tunnels and dynamic DNS, but it also means I can hop to a new IP address if one is under attack.
Getting a new IP address
At least with the DOCSIS 3.1 modem I'm using, the overall process is as follows:
- Turn off the cable modem.
- Set a new MAC address on the router.
- Restart the router.
- Restart the cable modem.
As an alternative for #2, you could just plug a different device directly into the cable modem. The main thing is, if the cable modem (and thus your ISP's endpoint) sees a new MAC address for the device attached to the modem, it will assign a new IP address via DHCP.
On my own router, an ASUS, there's a simple method you can use to change the MAC address—you go into the WAN settings, then under 'Special Requirement from ISP', there's a custom MAC address field.
You can either clone your current computer's MAC address into the field by clicking 'MAC Clone', or enter a valid MAC address for some other device here. Press 'Apply', and wait for the router to restart before turning the cable modem back on.
If you want to drop the custom MAC address and switch back to the router's default WAN MAC address, you could do that at some point—but I'd give it a day or two, since that's the typical DHCP address timeout. If you switch back right away, your ISP will probably hand out the same IP address you just had.
Thanks to this Spectrum community discussion for the idea.
Aside: When I contacted Spectrum's support this morning, their recommendation was to replace both my cable modem and router. It technically would achieve the same goal, but I wasn't about to spend a few hundred bucks replacing equipment! I'm surprised they don't have a mechanism internally to release an IP, but maybe that's not available to their lower support tiers.
Comments
What kiind of sad, twisted person would want to DDoS your site? Feels like someone who has made some bad life choices.
No clue, but the site is now faster than ever :P
Most newer routers have the same thing where you can just change the MAC address off by one. I would be careful though that you don't conflict with any neighboring nodes that have a identical MAC address. (I tested this by changing my UDM-Pro's MAC to the same one my grandparent's Google Wifi system had and effectively got locked out.) You'd also want to give it atleast 1 day minimum to switch back to your original MAC.
Wow, seems complicated...
With my ISP (in France) I just have to reboot the gateway (an 'internet box' in french ISP terminology)
To get a new DHCP lease.
Jeff,
The transparency you're showing through this whole affair of DDoS attacks is great, super cool to see.
I know "Spectrum" is their customer-facing brand name, but every time someone says "Spectrum" instead of "Charter Communications" you're giving that ISP the power of their brand to save-face against negativity.
Comcast used to brand themselves with their company name in their internet products, but after public dissatisfaction in the late-2000s rebranded the product as "Xfinity". Nobody I know who is dissatisfied with Comcast would use any term other than Comcast to vent their frustrations. Anecdotal, I know, my circles are tech-oriented.
Next time Jeff is unhappy with his internet service, which everybody agrees wouldn't take long for anyone, I hope he hits them where it hurts.
Crazy that you're under attack. How could anyone be mad at you? You're just so lovable.
I want to thank you for posting this. Spectrum has NO clue. I think the IP addresses sometimes rotate/change periodically. Somehow my new IP showed up on a bad list (wasn't me). I do the same thing I have been doing for years: watch baseball, chat, etc. with friends.
I requested for them to change my IP. I called 5x and got 5 different answers. 1)Turn off modem for 5 min. 2) Swap out modem - I use my own router. 3) Turn off modem and router for a couple hours. 4) Turn off modem for 24 hours. 5) We dont control it, they rotate.
Of course none worked (but I refused to turn off modem for 24 hours since I work from home).
What you outlined worked immediately. I used the Mac Clone and voila!
Thanks again
Another "THANKS". For weeks I could only send emails after 8 PM until the early morning through my ISP (Spectrum) using my third party email software (eM Client) and my Comcast email accounts. (A setup that only Dracula could love.) Multiple phone calls, Internet searching and hardware swapping allowed me to prove that my IPv4 was being blocked my Comcast. Of course, no one there or at Spectrum could explain why or how to fix it.
I followed your example and changed the router MAC address and now I can send emails during the daylight.
We had a transformer blow, causing us to lose our internet for almost 2 days. When it came back up, I couldn't (and still can't) get my local Dayton news station... I'm getting one from Cincinnati, which I'm assuming is due to the IP being reassigned. I am annoyed and frustrated that I don't have the knowledge or skill to fix this. It happened before, but the local came back up the following date, after a hard boot.
Wondering if I should invest in a VPN or some other way to do this more easily, since I doubt Spectrum will give 2 craps about my needs or wants in this.
Thank's Jeff. I recently experienced a slew of DOS attacks. I'm not sure where my IP address was leaked, but I must say this article helped tremendously. PS. I changed my IP address at first, only to have the attacks return after a week. I then had to replace my modem and router. So far, so good...
What kind of device could I plug into modem to get new MAC Address?
Anything with an ethernet port, pc, xbox, switch etc...
OMG this worked!! I turned off my internet for over 12 hours and that didn't work.
I always thought spectrum locked on to router's MAC address but I guess they key part was to turn off modem while changing MAC address.
Some ahole kept trying to log in to my router, hopefully they can't guess my new ip.
Looked all over for a clear how to. Hard to find in general.
Found this page just now which dealt precisely with my situation - need to change WAN IP address.
Very clear, delightfully simple instructions.
Had spoken to Spectrum person today whose only useful suggestion was to switch modems which would generate new WAN IP address. This requires activation of the new modem, which meant you needed another type of internet connection to perform the activation (if you used the automatic procedure, as opposed to finding a tech support person at Charter Spectrum to do it for you.)
Worked!
Thanks.
this totally worked thank you so much!!!!
Thank you! This helped me solve a very frustrating issue regarding not receiving content from a streaming service suddenly, though the streaming service had no record of wrong-doing. I contacted Spectrum and they said they had no way of recycling the IP address, it just sort of happens from time to time (ugh). I noticed swapping out routers solved the issue, which coincides with the MAC address explanation in this article. However, I wanted to use my original Google mesh Wifi since it works much better than my temporary replacement router. You can't change the MAC address of Google Wifi, however, you CAN replace which access point connects to the cable modem. I swapped the main access point with another, and sure enough, a new IP was issued and the problem was solved!
God bless you, Jeff, for posting this information. I just spent 7 hours fighting with Spectrum's tech support......somehow the IP address they assigned to my account got "blacklisted", and it prevented me from being able to access many sites that required higher security levels. Really odd. I was just about to do terrible things, and then I ran across your posting. I also have an ASUS router.....just changed one digit in the MAC address........and Spectrum's DHCP servers assigned me a different IP address, and everything's working just fine.
Spectrum Tech Support blamed my PCs (I demoed the problem on two Windows 11 boxes, one Windows 10 box, and a Linux system)...so they then blamed my ASUS router. I configured the router to turn all firewalls off....they STILL blamed my router.
It seems that Spectrum's modems don't get the IP address assigned to THEM........it's the first device AFTER their modem that they get a MAC address from, and then assign a IP address to THAT MAC address.
They had me remove my router, and connect my PC direct to their modem. Yes, that worked, because their DHCP servers assigned a different IP address, based on the MAC in my PC. But, when I put my router back in the pipeline, Spectrums servers again assigned me my old (blacklisted) IP address, and we were back to the races.....and Spectrum's tech support blaming my ASUS router for the problem.
I just went into the ASUS configuration, altered one bit in it's MAC address...........and life is now beautiful again.
Now, the $50,000 question is..........WHY did my IP address get blacklisted? What can cause this? It's not like my systems were turned into zombies and were spamming the world...........there's no reason I can think of for my IP address to get flagged. Do you know how / why IP addresses can get blacklisted like this? I'm more than a little curious....