Jump to content
Shogun

DOS protection: your experiences

Recommended Posts

Hi guys,

 

Lately I have been analyzing the different DOS protection options trying to find something affordable for small servers which can't pay something like BlackLotus.

 

I already have some ideas in mind but I would appreciate if you help complement my study answering to these questions:

 

1) Has your server (if you own one) ever been attacked? How often?

 

2) Do you use any kind of DOS protection method?

 

3) If yes, which one? Would you recommend it?

 

4) Would you be interested in a low-cost DOS protection service?

 

 

Regards

Share this post


Link to post

I've been as Developer on a Server. First we tried SafeWare as one of the first customers.. at revealed as real crap cause the servers shut down on the first sign of (D)DoS

Then we switched to Incloubly. They had a really nice protection.. If i can trust the statistics we saw we had an Attack of 70 - spikes of 100 Gbit/s incoming and they did manage to block it

Share this post


Link to post

Im currently working on my own private Server and i think that D/DOS is a big Problem.

I'll try to secure my Server as much as i can.

I think about to use an soyoustart dedicated Server (ovh) because they have a damn good protection against D/DOS for up to 10 gbps.

If anyone has another ideas just tell me please :)

Gesendet von meinem Nexus 5 mit Tapatalk

Share this post


Link to post

Im currently working on my own private Server and i think that D/DOS is a big Problem.

I'll try to secure my Server as much as i can.

I think about to use an soyoustart dedicated Server (ovh) because they have a damn good protection against D/DOS for up to 10 gbps.

If anyone has another ideas just tell me please :)

Gesendet von meinem Nexus 5 mit Tapatalk

Like i said above try Incloudbly. But they have very high prices for their excellent service.

Share this post


Link to post

But the prices are really much higher than soyoustart.

Gesendet von meinem Nexus 5 mit Tapatalk

Share this post


Link to post

But the prices are really much higher than soyoustart.

Gesendet von meinem Nexus 5 mit Tapatalk

Yes thats true. But you will avoid to go down on your first day with their servers :D

Share this post


Link to post

Yes thats true. But you will avoid to go down on your first day with their servers :D

What do you mean? :o

Gesendet von meinem Nexus 5 mit Tapatalk

Share this post


Link to post

What do you mean? :o

Gesendet von meinem Nexus 5 mit Tapatalk

The DDoS in metin2 section is very heavy. Like i said we got up to 100 Gbit/s DDoS in our first week

Share this post


Link to post

Im padrio, not very popular and the only opponents i have are theese loxer kids :b

Gesendet von meinem Nexus 5 mit Tapatalk

Share this post


Link to post

Im padrio, not very popular and the only opponents i have are theese loxer kids :b

Gesendet von meinem Nexus 5 mit Tapatalk

Doesn't mean you'll have a safe launch. The section has many faggots threatening you with attacks and demanding money.

We've been doing well for months with Incloudibly, our downtimes from attacks were short and as the hoster's and our filtering rules were optimized, downtimes completely vanished.

Besides, Incloudibly has a decent support team and some nice "pro" features included (like all-time KVM access).

  • Love 1

Share this post


Link to post

I think the best way for DDoS protection may be having multiple VPSs filtering connections before packets reach the real server or to use an actual hardware firewall. My host provides the options to add-on hardware firewalls but they are out of my price league. I could afford it for a while but it's nothing I could continually use and still profit or keep my server on while using.

 

6LYpP.png

 

One thing I like to do is make sure I get a dedicated 1Gbps port because alot of attacks can't even exceed half of that speed so it doesn't really effect the server. It will continue to eat up your bandwidth quickly though :/.

Doesn't mean you'll have a safe launch. The section has many faggots threatening you with attacks and demanding money.

We've been doing well for months with Incloudibly, our downtimes from attacks were short and as the hoster's and our filtering rules were optimized, downtimes completely vanished.

Besides, Incloudibly has a decent support team and some nice "pro" features included (like all-time KVM access).

Yeah, I even had this guy a few weeks ago who was using some exploits in my server to shut it off and demanding money, I told him to fuck off and fixed the problem instead.

  • Love 1

Share this post


Link to post

Its also nice for beginner servers with no good protection to have more than one login core and make it chooseable at the login interface. Cause many try to flood your Login port with ess-syn attack which can be hitting really hard. Even the syncookie installation doesnt grant 100% reliability as most of them will spoof their ip

Share this post


Link to post

Im using OVH and its very good in my opinion.

We have done a few tests on one of my servers.

 

This one was unfiltered, but it also took incloudibly down. I think there are no hosters for private persons which are able to filter such an attack directly.

 

574a58fddd.png

 

Here is a screenshot of the attacks i got as i was starting a new server. I think the 5mpps attack was from us too on this server.

Im sure that there was no attack with more than ~2,5mpps from a user/hater/1337hAxX0r which turned us down for more than 2 minutes.

 

2989c9f25c.png

 

King regards,

 

Nightwish 

  • Love 1

Share this post


Link to post

1) Has your server (if you own one) ever been attacked? How often?

yes,

2) Do you use any kind of DOS protection method?

yes, i use OVH :)as already said by nightwish this is a good, cheap protection. if you secure your server a lil bit, you should survive most of the attacks.

 

3) If yes, which one? Would you recommend it?

good question, if you don't have enough money to buy a better protected root i would recommend it. but if you have enough money to purchase a dedicated server from incloudibly, i would rather take the incloudibly server :)

4) Would you be interested in a low-cost DOS protection service?

maybe. for website hosting it would be nice :) but i prefer to host my gameserver myself, because i don't want that someone get's access to my data.

Share this post


Link to post
Guest

@zander actually its just a proxy so no access to your Server needed if you install and configure it for yourself.

Share this post


Link to post

I have to admit I was sceptic at OVH as it's "too cheap to be true". I had a dedicated once with them and had strange problems with their FreeBSD install. The control panel was also pretty bad. But if you can't afford dedicated protection I guess it's perfect.

Share this post


Link to post

We have multiple login servers running and the client simply iterates until one works.

 

 

Well, to go deeper into the protection service thing... with the source it would be quite easy to implement a reverse-proxying scheme so one dedicated game core could be behind a number of proxy peers that preprocess and filter traffic.

Then you can add a random/round robin connection routine to your client.

 

Oh yes, and you would have to find some way to announce multiple IP addresses for a single core (unless you are using Anycast like Cloudflare does).

I'm just thinking about using DNS SRV records or s.th. like this.

  • Love 1

Share this post


Link to post

In my opinion, it's quiet sensitive topic on FreeBSD; it has some deficiency in this area. You can easily protect your server against synflood, tcp/udp flood, but ddos is a harder topic. Of course you can make many protections against it too, but there will always be enough machine and data packets to shot out it. If you are running a big server, I think, the hardware firewall can be the best solution. Anyway, I am also interested about your solutions, maybe they can strengthen the defense.

Share this post


Link to post

Im using OVH and its very good in my opinion.

We have done a few tests on one of my servers.

 

This one was unfiltered, but it also took incloudibly down. I think there are no hosters for private persons which are able to filter such an attack directly.

 

574a58fddd.png

 

Here is a screenshot of the attacks i got as i was starting a new server. I think the 5mpps attack was from us too on this server.

Im sure that there was no attack with more than ~2,5mpps from a user/hater/1337hAxX0r which turned us down for more than 2 minutes.

 

2989c9f25c.png

 

King regards,

 

Nightwish 

 

The Graph was maxed out ;)

But thanks Nightwish, that you allowed me to attack the Server.

 

OVH offer´s actual one of the best Protections for just 40-60€. Everyone who want a host to start a Server, OVH is the right decision.

Share this post


Link to post

Its also nice for beginner servers with no good protection to have more than one login core and make it chooseable at the login interface. Cause many try to flood your Login port with ess-syn attack which can be hitting really hard. Even the syncookie installation doesnt grant 100% reliability as most of them will spoof their ip

 

I use server from kimsufi (OVH DDoS Protection) with a packetfilter who manage the traffic (packetsize, connections, how muck packets/connections per IP and the connections time out) for my loginport, cause clown was shooting on my loginport with ess-syns, and yes the hit really hard, but it was nice to see pfctl -e loginport was free. pfctl -d loginport was immediately down.

 tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.64935 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.64593 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.63974 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.62760 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.61666 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.61505 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.60694 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.60592 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.60178 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.59479 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.58656 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.58267 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.56958 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.55735 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.55339 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.54133 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.53442 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.52788 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.52311 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.51040 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.50948 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.49528 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.64526 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.63597 LAST_ACK
  • Love 1

Share this post


Link to post

kimsufi can't provide the protection they claim, they completely lack support at that company, and their FreeBSD installation is a little bugged in atleast one way: during installation of MySQL it loses the mysql account.

Share this post


Link to post

You can try install percona server (optimalized mysql-server with default InnoDB engine). May someone know whether firewall in ovh will filter layer 7 attack methods such as slowloris or ntp amplification?

Share this post


Link to post

Apparently there's a managed mode and an advanced one where you can configure the firewall yourself. From what I heard the protection works, can't say the same about the rest of the company though.

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

Terms of Use / Privacy Policy / Guidelines / We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.