Getting a new IP address via DHCP from Spectrum Internet

Recently this website's been the target of malicious DDoS attacks.

But after accidentally leaking my home IP address in some network benchmarking clips in a recent YouTube video, the same attacker (I assume) decided to point the DDoS cannon at my home IP.

I have things relatively locked down here—more on homelab security coming soon!—but a DDoS isn't something most residential ISPs take too kindly. So it was time for me to recycle my home IP. Lucky for me, I don't pay for a static IP address. That makes home hosting more annoying sometimes, since I have to deal with tunnels and dynamic DNS, but it also means I can hop to a new IP address if one is under attack.

Getting a new IP address

At least with the DOCSIS 3.1 modem I'm using, the overall process is as follows:

  1. Turn off the cable modem.
  2. Set a new MAC address on the router.
  3. Restart the router.
  4. Restart the cable modem.

As an alternative for #2, you could just plug a different device directly into the cable modem. The main thing is, if the cable modem (and thus your ISP's endpoint) sees a new MAC address for the device attached to the modem, it will assign a new IP address via DHCP.

On my own router, an ASUS, there's a simple method you can use to change the MAC address—you go into the WAN settings, then under 'Special Requirement from ISP', there's a custom MAC address field.

You can either clone your current computer's MAC address into the field by clicking 'MAC Clone', or enter a valid MAC address for some other device here. Press 'Apply', and wait for the router to restart before turning the cable modem back on.

If you want to drop the custom MAC address and switch back to the router's default WAN MAC address, you could do that at some point—but I'd give it a day or two, since that's the typical DHCP address timeout. If you switch back right away, your ISP will probably hand out the same IP address you just had.

Thanks to this Spectrum community discussion for the idea.

Aside: When I contacted Spectrum's support this morning, their recommendation was to replace both my cable modem and router. It technically would achieve the same goal, but I wasn't about to spend a few hundred bucks replacing equipment! I'm surprised they don't have a mechanism internally to release an IP, but maybe that's not available to their lower support tiers.

Comments

What kiind of sad, twisted person would want to DDoS your site? Feels like someone who has made some bad life choices.

Most newer routers have the same thing where you can just change the MAC address off by one. I would be careful though that you don't conflict with any neighboring nodes that have a identical MAC address. (I tested this by changing my UDM-Pro's MAC to the same one my grandparent's Google Wifi system had and effectively got locked out.) You'd also want to give it atleast 1 day minimum to switch back to your original MAC.

Wow, seems complicated...
With my ISP (in France) I just have to reboot the gateway (an 'internet box' in french ISP terminology)
To get a new DHCP lease.

Jeff,

The transparency you're showing through this whole affair of DDoS attacks is great, super cool to see.

I know "Spectrum" is their customer-facing brand name, but every time someone says "Spectrum" instead of "Charter Communications" you're giving that ISP the power of their brand to save-face against negativity.

Comcast used to brand themselves with their company name in their internet products, but after public dissatisfaction in the late-2000s rebranded the product as "Xfinity". Nobody I know who is dissatisfied with Comcast would use any term other than Comcast to vent their frustrations. Anecdotal, I know, my circles are tech-oriented.

Next time Jeff is unhappy with his internet service, which everybody agrees wouldn't take long for anyone, I hope he hits them where it hurts.

Crazy that you're under attack. How could anyone be mad at you? You're just so lovable.

I want to thank you for posting this. Spectrum has NO clue. I think the IP addresses sometimes rotate/change periodically. Somehow my new IP showed up on a bad list (wasn't me). I do the same thing I have been doing for years: watch baseball, chat, etc. with friends.
I requested for them to change my IP. I called 5x and got 5 different answers. 1)Turn off modem for 5 min. 2) Swap out modem - I use my own router. 3) Turn off modem and router for a couple hours. 4) Turn off modem for 24 hours. 5) We dont control it, they rotate.

Of course none worked (but I refused to turn off modem for 24 hours since I work from home).
What you outlined worked immediately. I used the Mac Clone and voila!
Thanks again

Another "THANKS". For weeks I could only send emails after 8 PM until the early morning through my ISP (Spectrum) using my third party email software (eM Client) and my Comcast email accounts. (A setup that only Dracula could love.) Multiple phone calls, Internet searching and hardware swapping allowed me to prove that my IPv4 was being blocked my Comcast. Of course, no one there or at Spectrum could explain why or how to fix it.

I followed your example and changed the router MAC address and now I can send emails during the daylight.