Protection from DDoS Attacks – Preventing Skype from leaking your IP

Posted on by | Discuss this article on reddit

Protecting Yourself

There are two separate trains of thought when it comes to protecting yourself from broadcasting your IP Address. Typically I see people either recommending you mask your entire internet presence using a VPN, and other times I see people specifically advocating for using a VPS or VPN to only route specific services. I agree with the later, for reasons I’ll explain shortly.

Masking your entire internet presence with a VPN

A VPN is a Virtual Private Network. To keep things simple, a VPN can be imagined as connecting to someone else’s router, except that other person is actually another network located somewhere on the internet. Instead of physically connecting to that person’s network with an ethernet cable, like you would a normal router, you connect to their network via a program you download.

Here’s a flowchart to detail how this process works, hopefully it’ll make my explanation a bit easier to follow.

The idea behind a VPN is that you’re putting a middle-man between your internet connection and every website you visit. This means that your League of Legends, Starcraft, Skype, etc…etc…traffic is ALL being routed through a VPN. A VPN is nice because it’s 100% fool-proof: once you’re on your VPN, there is no way you can “mess up” and leak your IP anywhere because literally 100% of your outbound/inbound connections will be traveling through the VPN. If someone DDoSes you, it’s the VPN that takes the hit, not you.

A VPN is simple, and secure, but not always elegant and reliable.

There are a lot of programs that also don’t really “need” to be masked. Most games connect to servers, meaning no other client (or person playing said games) will ever actually “see” your unique IP address, unless they literally hacked into the servers you were playing on. The chances of a company like Blizzard, RioT, or Valve having their servers compromised are incredibly low. This makes the solution rather inelegant, as you are dramatically overcompensating the amount of programs you are covering.

Another problem with using a VPN is that you introduce a middleman between a lot of unnecessary programs that will serve to increase latency and potentially cause trouble for you, should your VPN ever go down. It also may be difficult to find a VPN that accepts a large amount of traffic if, say, you wish to stream your gameplay, or you do a lot of torrenting online. This makes this solution rather unreliable.

The alternate train of thought is that you siphon only a small part of your internet connection off, only for programs that you absolutely need shielded, such as Skype.

Masking only a portion of your network presence with a VPS

A VPS is a Virtual Private Server. Again, for the sake of simplicity, you can imagine a VPS to be the same thing as a virtual machine (VM). It’s basically another system that you connect to in order to tunnel only specific traffic. This other VM is hosted on a separate network somewhere and ideally it is running an operating system (some unix-derivative) that can accept Secure Shell (SSH) traffic.

Here’s another picture depicting how, ideally, you would have the VPS set-up.

The idea behind a VPS is much the same as the VPN – you’re still putting a middle man between your internet connection and the websites you visit. The difference with the VPS is that instead of masking your entire internet connection, you’re only masking the small parts of your activity of which are unavoidably exposed to other people, such as with p2p applications like Skype.

The only drawbacks to using a VPS is that it can be a tad bit more complicated to set-up. Once you have everything up and running, however, you will never want to go back to routing everything through a VPN.

*One quick thing I would like to note about either of these methods is that this is only a means to protect your IP Address from being seen by other people. You can still download virus’ or other malicious programs onto your computer and suffer the same damages, regardless of whether or not you are hidden behind a VPS or VPN.