DDos attacks

[TryHard 4]

Hello guys , I hope your all fine

I need to ask about DDOS attacks

As you know, when a DDOS attack occurs, server lag increases for some time
So is there a way to reduce impact on the server?
Is that done just by the hosting ? or are there any way to do that by server files ?

[WeedHex 626]

A good degree in telecommunications.

Edited February 15 by WeedHex

[Vanilla 1449]

First things first, here's a rough (and obviously incomplete) explanation. You'd differ between DoS and DDoS.

 

DoS (Denial of Service) simply put is using up the resources of the machine by leveraging on a weak spot of the program. You'll see often people targeting the auth server and flooding it with packets and if the server has bad code in it, it'll use up too many resources. This could lead to lags or in worst cases the server to not respond anymore.

 

Now, if you think DoS is bad, we're gonna take it to a new level: DDoS (Distributed Denial of Service). This time it's not only one pc trying to flood the server and consuming all it's resources.. it's a lot. The strength of the attack varies and depends on how many attackers are gonna target your server. There are many ways on how a DDoS works and you don't necessarily need to leverage on bad code in order to attack the server: Even a SYN/FIN Flood can make the server say bye bye - or at least it would, if it could.

 

Now let's get on how to protect against it. If you know how it works you can think about a few strategies on how to fortify against those attacks:

1. Make sure your source doesn't have flaws that could be exploited by attackers to use up your resources

2. Set up a good hardware firewall to block incoming attacks

3. Configure your firewall correctly to drop connections once a connections seems to go mad

4. Harden your system (there are some tunables you can set to harden your system a bit against attacks)

 

There are also more techniques (rerouting traffic, etc..) but I guess for the most people this does not matter too much.

[Shogun 4464]

Here's a pretty good writeup about the subject:

 

https://www.imperva.com/docs/DS_Incapsula_The_Top_10_DDoS_Attack_Trends_ebook.pdf

 

TLDR; get an OVH server, enable the permanent DDoS protection, use secondary IPs for your public stuff, set up pf, rate limit your auth ports and game ports as well because Layer 7 attacks on Metin2 are getting popular and not just the typical auth flood.

 

These usually work by flooding poorly written systems that directly interact with the database.

 

The golden rule for both your website and game is that a user should not be able to trigger a database connection or query directly and unrestricted (such as through loading a page or sending a packet). Either use a cache (the dbcache in Metin or Redis for web applications are an example) or throttle the connection (you can use nginx's ReqLimit module in a webserver and pf in your game server)

 

Another case of involuntary DDos is when your server is too successful and people jam your uplink trying to download or patch your client.

[TryHard 4]

Thank you all that was very helpful
 

I will leave the topic open, it would be good if we got more information about that