No worries, the DDoS attacks are usually done against larger network units, such as Dedicated Servers or Firewalls.
Attacking the host is simply useless, because you can just update your IP address - every home IP address is dynamical (which means it changes automatically over time, or every time you reconnect your router).
We offer DDoS Protected Dedicated Servers and DDoS Protection services and sometimes we get a wave of questions from home users like you are.
It's also possible that all these "ddos attacks" are simply the trojan viruses that make the victim think that he is under DDoS attack and to offer purchase some software etc.
Simply use your Antivirus and Firewall and avoid such problems with any kind of threat.
I signed up on these forums to reply to this post! ha
He is totally correct, and I'm actually undergoing the same thing from a DDOS Bot attack on my network.
I run a wordpress server from home and the bot is attempting to find weak spots in my wordpress while also DDOSing my network. (although totally failing to do so since I run a business grade Sonicwall firewall at my home and was able to block the ip/network). I ended up tracking it down to Cloudflare company that happens to provide "DDOS Protection Services". So yes, companies often perform real and/or fake DDOS attacks in attempts to get customers... it's sad but guess what... It also opens them but to being DDOS'ed themselves (as now I know their originating IP address) : ) although, I will not confirm or deny that, that's exactly what I'm doing do them as I'm writing this....
Here is just a small part of the hoops us administrators need jump through just to take just to narrow down the original spamming network. From their you better hope you have a good firewall where you can block the IP yourself or call your ISP in hopes they can block it for you on the modem or node side.
I was being attacked by 18.104.22.168 & 22.214.171.124 which can be seen in my firewall logs, like such.
[DoS Attack: SYN Flood] from source: 126.96.36.199, port 57962, Tuesday, June 14, 2016 10:56:20
[DoS Attack: SYN Flood] from source: 188.8.131.52, port 32964, Tuesday, June 14, 2016 10:56:20
And just continues through all the major ports and then some, when I spun up my wordpress site I used "live monitor" in wordfrence (wordpress firewall) and saw those IP's trying to access mydomain.com/XML-RPC.php which is commonly used in attempts to brute force wordpress sites.
I did a whois on 184.108.40.206 and while he was using a DNS masking service, the contact email was "firstname.lastname@example.org" and obviously seeing the .CO address. I googled DMZHOST.CO and ended up at his website.
You can tell the website is fake as their is no phone numbers or addresses labeled on the site and also there are tons of page redirects going to the same "support" page. Clicking on "contact" or "tickets" etc... keeps redirecting to the same "support" page. A professional company doesn't function like this.
So in efforts to continue tracking down the root network of the attacks. I performed a traceroute and ping to dmzhost.co and can you guess where that goes? Yeah that's right, it resolves to 220.127.116.11 which according to whois goes straight to Cloudflare... which I verified after going to their site and again running more traceroutes, ping checks and whois look ups.
I attempted to call Cloudflare posing an interested client. If you call their tech support number on option 3, the call either randomly drops, or you receive a recorded message saying to go to their website to submit a ticket. If you call the line and do option 4 to report abuse, it again pulls up a recorded message stating to send an email to abuse@ etc... Dailed option 1 to go to sales, who didn't even introduce the company professionally and simply stated "this is joe, what can I do you for?".
In the end, its either a client of theirs being hosted by Cloudflare services who is pushing out the DDOS attacks (which would be sad as hell since they advertise DDOS protection services on their website and can't even stop their own clients from DDOSing????) or Cloudflare themselves in attempts to get business. Which I believe is the case here.
So that gives you a little insight into what we network engineers (such as myself) deal with on a daily in the business world. The only real advise I, or anyone could give you is to get a good firewall (not consumer grade, but rather business grade such as a Watchguard, Sonicwall, Cisco etc...), rotate your IP's on a normal bases (weekly/monthly for dynamic ip\home users) and work with your ISP to block them as you see them come in if possible.
The very best advise I could give you, is to get a good firewall and not host services from your house. You can easily get hosted server rentals for gaming or websites for very cheap nowadays, and they will handle all the attacks/maintenance stuff for you. I know it's not something you want to hear but honestly there is only attack risk mitigation, there is no way to totally protect yourself against it.
Edited by androbourne, 14 June 2016 - 02:41 PM.