DOS protection: your experiences

[Shogun 4478]

Hi guys,

 

Lately I have been analyzing the different DOS protection options trying to find something affordable for small servers which can't pay something like BlackLotus.

 

I already have some ideas in mind but I would appreciate if you help complement my study answering to these questions:

 

1) Has your server (if you own one) ever been attacked? How often?

 

2) Do you use any kind of DOS protection method?

 

3) If yes, which one? Would you recommend it?

 

4) Would you be interested in a low-cost DOS protection service?

 

 

Regards

[.InyaProduction 1084]

I've been as Developer on a Server. First we tried SafeWare as one of the first customers.. at revealed as real crap cause the servers shut down on the first sign of (D)DoS

Then we switched to Incloubly. They had a really nice protection.. If i can trust the statistics we saw we had an Attack of 70 - spikes of 100 Gbit/s incoming and they did manage to block it

[Padrio 975]

Im currently working on my own private Server and i think that D/DOS is a big Problem.

I'll try to secure my Server as much as i can.

I think about to use an soyoustart dedicated Server (ovh) because they have a damn good protection against D/DOS for up to 10 gbps.

If anyone has another ideas just tell me please

Gesendet von meinem Nexus 5 mit Tapatalk

[.InyaProduction 1084]

Im currently working on my own private Server and i think that D/DOS is a big Problem.

I'll try to secure my Server as much as i can.

I think about to use an soyoustart dedicated Server (ovh) because they have a damn good protection against D/DOS for up to 10 gbps.

If anyone has another ideas just tell me please

Gesendet von meinem Nexus 5 mit Tapatalk

Like i said above try Incloudbly. But they have very high prices for their excellent service.

[Padrio 975]

But the prices are really much higher than soyoustart.

Gesendet von meinem Nexus 5 mit Tapatalk

[.InyaProduction 1084]

But the prices are really much higher than soyoustart.

Gesendet von meinem Nexus 5 mit Tapatalk

Yes thats true. But you will avoid to go down on your first day with their servers

[Padrio 975]

Yes thats true. But you will avoid to go down on your first day with their servers

What do you mean?

Gesendet von meinem Nexus 5 mit Tapatalk

[.InyaProduction 1084]

What do you mean?

Gesendet von meinem Nexus 5 mit Tapatalk

The DDoS in metin2 section is very heavy. Like i said we got up to 100 Gbit/s DDoS in our first week

[Padrio 975]

Im padrio, not very popular and the only opponents i have are theese loxer kids :b

Gesendet von meinem Nexus 5 mit Tapatalk

[Mashkin 16]

Im padrio, not very popular and the only opponents i have are theese loxer kids :b

Gesendet von meinem Nexus 5 mit Tapatalk

Doesn't mean you'll have a safe launch. The section has many faggots threatening you with attacks and demanding money.

We've been doing well for months with Incloudibly, our downtimes from attacks were short and as the hoster's and our filtering rules were optimized, downtimes completely vanished.

Besides, Incloudibly has a decent support team and some nice "pro" features included (like all-time KVM access).

[Rumor 2548]

I think the best way for DDoS protection may be having multiple VPSs filtering connections before packets reach the real server or to use an actual hardware firewall. My host provides the options to add-on hardware firewalls but they are out of my price league. I could afford it for a while but it's nothing I could continually use and still profit or keep my server on while using.

 

 

One thing I like to do is make sure I get a dedicated 1Gbps port because alot of attacks can't even exceed half of that speed so it doesn't really effect the server. It will continue to eat up your bandwidth quickly though :/.

Doesn't mean you'll have a safe launch. The section has many faggots threatening you with attacks and demanding money.

We've been doing well for months with Incloudibly, our downtimes from attacks were short and as the hoster's and our filtering rules were optimized, downtimes completely vanished.

Besides, Incloudibly has a decent support team and some nice "pro" features included (like all-time KVM access).

Yeah, I even had this guy a few weeks ago who was using some exploits in my server to shut it off and demanding money, I told him to fuck off and fixed the problem instead.

Edited August 18, 2022 by Metin2 Dev
Core X - External 2 Internal

[.InyaProduction 1084]

Its also nice for beginner servers with no good protection to have more than one login core and make it chooseable at the login interface. Cause many try to flood your Login port with ess-syn attack which can be hitting really hard. Even the syncookie installation doesnt grant 100% reliability as most of them will spoof their ip

[Nightwish 16]

Im using OVH and its very good in my opinion.

We have done a few tests on one of my servers.

 

This one was unfiltered, but it also took incloudibly down. I think there are no hosters for private persons which are able to filter such an attack directly.

 

 

Here is a screenshot of the attacks i got as i was starting a new server. I think the 5mpps attack was from us too on this server.

Im sure that there was no attack with more than ~2,5mpps from a user/hater/1337hAxX0r which turned us down for more than 2 minutes.

 

 

King regards,

 

Nightwish 

[Zander 2]

1) Has your server (if you own one) ever been attacked? How often?

yes,

2) Do you use any kind of DOS protection method?

yes, i use OVH as already said by nightwish this is a good, cheap protection. if you secure your server a lil bit, you should survive most of the attacks.

 

3) If yes, which one? Would you recommend it?

good question, if you don't have enough money to buy a better protected root i would recommend it. but if you have enough money to purchase a dedicated server from incloudibly, i would rather take the incloudibly server

4) Would you be interested in a low-cost DOS protection service?

maybe. for website hosting it would be nice but i prefer to host my gameserver myself, because i don't want that someone get's access to my data.

[Metin2 Dev 4691]

@zander actually its just a proxy so no access to your Server needed if you install and configure it for yourself.

[Shogun 4478]

I have to admit I was sceptic at OVH as it's "too cheap to be true". I had a dedicated once with them and had strange problems with their FreeBSD install. The control panel was also pretty bad. But if you can't afford dedicated protection I guess it's perfect.

[Mashkin 16]

We have multiple login servers running and the client simply iterates until one works.

 

 

Well, to go deeper into the protection service thing... with the source it would be quite easy to implement a reverse-proxying scheme so one dedicated game core could be behind a number of proxy peers that preprocess and filter traffic.

Then you can add a random/round robin connection routine to your client.

 

Oh yes, and you would have to find some way to announce multiple IP addresses for a single core (unless you are using Anycast like Cloudflare does).

I'm just thinking about using DNS SRV records or s.th. like this.

[RoxaLyssa 301]

In my opinion, it's quiet sensitive topic on FreeBSD; it has some deficiency in this area. You can easily protect your server against synflood, tcp/udp flood, but ddos is a harder topic. Of course you can make many protections against it too, but there will always be enough machine and data packets to shot out it. If you are running a big server, I think, the hardware firewall can be the best solution. Anyway, I am also interested about your solutions, maybe they can strengthen the defense.

[.CHHorny 6]

Im using OVH and its very good in my opinion.

We have done a few tests on one of my servers.

 

This one was unfiltered, but it also took incloudibly down. I think there are no hosters for private persons which are able to filter such an attack directly.

 

 

Here is a screenshot of the attacks i got as i was starting a new server. I think the 5mpps attack was from us too on this server.

Im sure that there was no attack with more than ~2,5mpps from a user/hater/1337hAxX0r which turned us down for more than 2 minutes.

 

 

King regards,

 

Nightwish 

 

The Graph was maxed out

But thanks Nightwish, that you allowed me to attack the Server.

 

OVH offer´s actual one of the best Protections for just 40-60€. Everyone who want a host to start a Server, OVH is the right decision.

[callmax 220]

Its also nice for beginner servers with no good protection to have more than one login core and make it chooseable at the login interface. Cause many try to flood your Login port with ess-syn attack which can be hitting really hard. Even the syncookie installation doesnt grant 100% reliability as most of them will spoof their ip

 

I use server from kimsufi (OVH DDoS Protection) with a packetfilter who manage the traffic (packetsize, connections, how muck packets/connections per IP and the connections time out) for my loginport, cause clown was shooting on my loginport with ess-syns, and yes the hit really hard, but it was nice to see pfctl -e loginport was free. pfctl -d loginport was immediately down.

 tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.64935 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.64593 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.63974 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.62760 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.61666 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.61505 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.60694 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.60592 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.60178 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.59479 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.58656 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.58267 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.56958 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.55735 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.55339 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.54133 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.53442 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.52788 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.52311 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.51040 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.50948 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.49528 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.64526 LAST_ACK
tcp4       0     15 5.135.28.16.10002      erfurt-s12-i01.c.63597 LAST_ACK

[Rumor 2548]

kimsufi can't provide the protection they claim, they completely lack support at that company, and their FreeBSD installation is a little bugged in atleast one way: during installation of MySQL it loses the mysql account.

[IceShiva 145]

You can try install percona server (optimalized mysql-server with default InnoDB engine). May someone know whether firewall in ovh will filter layer 7 attack methods such as slowloris or ntp amplification?

[Shogun 4478]

Apparently there's a managed mode and an advanced one where you can configure the firewall yourself. From what I heard the protection works, can't say the same about the rest of the company though.