Premium Shogun 4587 Posted February 6, 2014
Hi guys,
Lately I have been analyzing the different DOS protection options, trying to find something affordable for small servers which can't pay for something like BlackLotus. I already have some ideas in mind, but I would appreciate it if you would help complement my study by answering these questions:
1) Has your server (if you own one) ever been attacked? How often?
2) Do you use any kind of DOS protection method?
3) If yes, which one? Would you recommend it?
4) Would you be interested in a low-cost DOS protection service?
Regards
Former Staff .InyaProduction 1124 Posted February 6, 2014
I've been a developer on a server. First we tried SafeWare as one of the first customers; it turned out to be real crap because the servers shut down at the first sign of (D)DoS. Then we switched to Incloudibly. They had really nice protection. If I can trust the statistics we saw, we had an attack of 70, with spikes of 100 Gbit/s, incoming, and they did manage to block it.
Padrio 988 Posted February 6, 2014
I'm currently working on my own private server and I think that D/DOS is a big problem. I'll try to secure my server as much as I can. I'm thinking about using a soyoustart dedicated server (OVH) because they have damn good protection against D/DOS for up to 10 Gbps. If anyone has other ideas, please just tell me.
Sent from my Nexus 5 using Tapatalk
Former Staff .InyaProduction 1124 Posted February 6, 2014
> I'm currently working on my own private server and I think that D/DOS is a big problem. I'll try to secure my server as much as I can. I'm thinking about using a soyoustart dedicated server (OVH) because they have damn good protection against D/DOS for up to 10 Gbps. If anyone has other ideas, please just tell me.
Like I said above, try Incloudibly. But they have very high prices for their excellent service.
Padrio 988 Posted February 6, 2014
But the prices are really much higher than soyoustart.
Former Staff .InyaProduction 1124 Posted February 6, 2014
> But the prices are really much higher than soyoustart.
Yes, that's true. But you will avoid going down on your first day with their servers.
Padrio 988 Posted February 6, 2014
> Yes, that's true. But you will avoid going down on your first day with their servers.
What do you mean?
Former Staff .InyaProduction 1124 Posted February 6, 2014
> What do you mean?
The DDoS in the metin2 section is very heavy. Like I said, we got up to 100 Gbit/s DDoS in our first week.
Padrio 988 Posted February 6, 2014
I'm padrio, not very popular, and the only opponents I have are these loxer kids :b
Mashkin 16 Posted February 6, 2014
> I'm padrio, not very popular, and the only opponents I have are these loxer kids :b
Doesn't mean you'll have a safe launch. The section has many faggots threatening you with attacks and demanding money. We've been doing well for months with Incloudibly; our downtimes from attacks were short, and as the hoster's and our filtering rules were optimized, downtimes completely vanished. Besides, Incloudibly has a decent support team and some nice "pro" features included (like all-time KVM access).
Rumor 2606 Posted February 6, 2014 (edited)
I think the best way for DDoS protection may be having multiple VPSs filtering connections before packets reach the real server, or to use an actual hardware firewall. My host provides the option to add on hardware firewalls, but they are out of my price league. I could afford it for a while, but it's nothing I could continually use and still profit or keep my server on while using. One thing I like to do is make sure I get a dedicated 1Gbps port, because a lot of attacks can't even exceed half of that speed, so it doesn't really affect the server. It will continue to eat up your bandwidth quickly though :/.
> Doesn't mean you'll have a safe launch. The section has many faggots threatening you with attacks and demanding money. We've been doing well for months with Incloudibly; our downtimes from attacks were short, and as the hoster's and our filtering rules were optimized, downtimes completely vanished. Besides, Incloudibly has a decent support team and some nice "pro" features included (like all-time KVM access).
Yeah, I even had this guy a few weeks ago who was using some exploits in my server to shut it off and demanding money. I told him to fuck off and fixed the problem instead.
Edited August 18, 2022 by Metin2 Dev (Core X - External 2 Internal 1)
Former Staff .InyaProduction 1124 Posted February 6, 2014
It's also nice for beginner servers with no good protection to have more than one login core and make it choosable at the login interface, because many try to flood your login port with an ess-syn attack, which can hit really hard. Even the syncookie installation doesn't grant 100% reliability, as most of them will spoof their IP.
Nightwish 16 Posted February 6, 2014
I'm using OVH and it's very good in my opinion. We have done a few tests on one of my servers. This one was unfiltered, but it also took Incloudibly down. I think there are no hosters for private persons which are able to filter such an attack directly. Here is a screenshot of the attacks I got as I was starting a new server. I think the 5mpps attack was from us too on this server. I'm sure that there was no attack with more than ~2,5mpps from a user/hater/1337hAxX0r which turned us down for more than 2 minutes.
Kind regards, Nightwish
Zander 2 Posted February 6, 2014
> 1) Has your server (if you own one) ever been attacked? How often?
Yes.
> 2) Do you use any kind of DOS protection method?
Yes, I use OVH. As already said by Nightwish, this is a good, cheap protection. If you secure your server a lil bit, you should survive most of the attacks.
> 3) If yes, which one? Would you recommend it?
Good question. If you don't have enough money to buy a better protected root, I would recommend it. But if you have enough money to purchase a dedicated server from Incloudibly, I would rather take the Incloudibly server.
> 4) Would you be interested in a low-cost DOS protection service?
Maybe. For website hosting it would be nice, but I prefer to host my gameserver myself, because I don't want someone to get access to my data.
Bot Metin2 Dev 4879 Posted February 6, 2014
@zander actually it's just a proxy, so no access to your server is needed if you install and configure it yourself.
Premium Shogun 4587 Posted February 6, 2014 (Author)
I have to admit I was sceptical about OVH as it's "too cheap to be true". I had a dedicated once with them and had strange problems with their FreeBSD install. The control panel was also pretty bad. But if you can't afford dedicated protection, I guess it's perfect.
Mashkin 16 Posted February 6, 2014
We have multiple login servers running and the client simply iterates until one works. Well, to go deeper into the protection service thing... with the source it would be quite easy to implement a reverse-proxying scheme, so one dedicated game core could be behind a number of proxy peers that preprocess and filter traffic. Then you can add a random/round robin connection routine to your client. Oh yes, and you would have to find some way to announce multiple IP addresses for a single core (unless you are using Anycast like Cloudflare does). I'm just thinking about using DNS SRV records or something like this.
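The client-side failover Mashkin describes, using SRV-style records to choose among proxy peers, as an added example (not code from the thread or from any game client; the record set, host names and port are constructed, and the DNS lookup itself is left out):

```python
import random
import socket

# Constructed SRV answer set for a hypothetical _login._tcp.example.org:
# (priority, weight, port, target). A real client would fetch these via DNS.
SAMPLE_SRV = [
    (10, 60, 11002, "proxy-a.example.org"),
    (10, 40, 11002, "proxy-b.example.org"),
    (20, 0, 11002, "backup.example.org"),
]


def srv_order(records, rng=random):
    """Order endpoints as RFC 2782 describes: lowest priority value first,
    weighted-random within one priority so load spreads across proxies."""
    ordered = []
    for prio in sorted({r[0] for r in records}):
        # Zero-weight records go first so they are rarely picked early.
        group = sorted((r for r in records if r[0] == prio),
                       key=lambda r: r[1] != 0)
        while group:
            pick = rng.randint(0, sum(r[1] for r in group))
            running = 0
            for i, rec in enumerate(group):
                running += rec[1]
                if running >= pick:
                    ordered.append(group.pop(i))
                    break
    return ordered


def connect_first(records, connect=socket.create_connection,
                  timeout=3.0, rng=random):
    """Try endpoints in SRV order; return (conn, target, port) for the first
    that accepts, so one flooded proxy does not lock players out."""
    failures = []
    for _prio, _weight, port, target in srv_order(records, rng):
        try:
            return connect((target, port), timeout), target, port
        except OSError as exc:  # refused, timed out, unreachable
            failures.append((target, str(exc)))
    raise ConnectionError(f"all login endpoints failed: {failures}")
```

The short per-endpoint timeout matters here: a peer that is being flooded usually fails by timing out, not by refusing, so the client should move on quickly.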
RoxaLyssa 310 Posted February 7, 2014
In my opinion, it's quite a sensitive topic on FreeBSD; it has some deficiency in this area. You can easily protect your server against synflood and tcp/udp flood, but ddos is a harder topic. Of course you can make many protections against it too, but there will always be enough machines and data packets to shoot it down. If you are running a big server, I think the hardware firewall can be the best solution. Anyway, I am also interested in your solutions; maybe they can strengthen the defense.
.CHHorny 6 Posted February 7, 2014
> I'm using OVH and it's very good in my opinion. We have done a few tests on one of my servers. This one was unfiltered, but it also took Incloudibly down. I think there are no hosters for private persons which are able to filter such an attack directly. Here is a screenshot of the attacks I got as I was starting a new server. I think the 5mpps attack was from us too on this server. I'm sure that there was no attack with more than ~2,5mpps from a user/hater/1337hAxX0r which turned us down for more than 2 minutes. Kind regards, Nightwish
The graph was maxed out. But thanks, Nightwish, for allowing me to attack the server. OVH currently offers one of the best protections for just 40-60€. For everyone who wants a host to start a server, OVH is the right decision.
callmax 227 Posted February 21, 2014
> It's also nice for beginner servers with no good protection to have more than one login core and make it choosable at the login interface, because many try to flood your login port with an ess-syn attack, which can hit really hard. Even the syncookie installation doesn't grant 100% reliability, as most of them will spoof their IP.
I use a server from kimsufi (OVH DDoS Protection) with a packet filter which manages the traffic (packet size, connections, how many packets/connections per IP, and the connection timeout) for my login port, because a clown was shooting at my login port with ess-syns, and yes, they hit really hard, but it was nice to see: pfctl -e, login port was free; pfctl -d, login port was immediately down.
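The per-source limits and connection timeout callmax describes, together with the spoofing caveat in the post he quotes, modelled as an added example (not from the thread and not pf itself; the class, its parameter names, the thresholds and the traffic are all constructed for illustration):

```python
from collections import defaultdict, deque

class LoginPortFilter:
    """Toy model of a login-port filter: per-source SYN rate limit with a
    block table, plus a global budget for half-open handshakes."""

    def __init__(self, max_rate=15, window=5.0, max_half_open=200, syn_timeout=10.0):
        self.max_rate, self.window = max_rate, window
        self.max_half_open, self.syn_timeout = max_half_open, syn_timeout
        self.recent = defaultdict(deque)  # src -> times of its recent SYNs
        self.half_open = {}               # (src, sport) -> time SYN arrived
        self.blocked = set()              # sources that exceeded the rate

    def on_syn(self, now, src, sport):
        """Return 'pass', 'block-src' or 'drop-global' for one SYN."""
        if src in self.blocked:
            return "block-src"
        # Expire handshakes that never completed (the connection timeout).
        for key in [k for k, t in self.half_open.items()
                    if now - t > self.syn_timeout]:
            del self.half_open[key]
        times = self.recent[src]
        while times and now - times[0] > self.window:
            times.popleft()
        times.append(now)
        if len(times) > self.max_rate:
            self.blocked.add(src)
            for key in [k for k in self.half_open if k[0] == src]:
                del self.half_open[key]  # flush the offender's pending state
            return "block-src"
        if len(self.half_open) >= self.max_half_open:
            return "drop-global"  # this source is still under its own limit
        self.half_open[(src, sport)] = now
        return "pass"

    def on_ack(self, src, sport):
        """Handshake completed; stop counting it as half-open."""
        self.half_open.pop((src, sport), None)

def replay(events, **limits):
    """Feed (time, src, sport) SYN events to a fresh filter; count verdicts."""
    filt, counts = LoginPortFilter(**limits), defaultdict(int)
    for now, src, sport in events:
        counts[filt.on_syn(now, src, sport)] += 1
    return dict(counts)

# Constructed traffic using documentation address ranges, not captured data.
ONE_SOURCE = [(i * 0.01, "203.0.113.7", 40000 + i) for i in range(300)]
MANY_SOURCES = [(i * 0.01, f"198.51.100.{i % 250 + 1}", 50000 + i) for i in range(300)]
```

With the defaults, the single-source burst is cut off after 15 SYNs, while the many-source burst never trips a per-source limit and is only contained by the global half-open budget, which is why per-IP rules alone are not enough when source addresses vary.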
Rumor 2606 Posted February 21, 2014
kimsufi can't provide the protection they claim, they completely lack support at that company, and their FreeBSD installation is a little bugged in at least one way: during installation of MySQL it loses the mysql account.
IceShiva 150 Posted February 23, 2014
You can try installing Percona Server (optimized mysql-server with default InnoDB engine). Does anyone know whether the firewall at OVH will filter layer 7 attack methods such as slowloris or NTP amplification?
Premium Shogun 4587 Posted February 28, 2014 (Author)
Apparently there's a managed mode and an advanced one where you can configure the firewall yourself. From what I heard the protection works; can't say the same about the rest of the company though.