Advanced ddos protection

dustinandband
A semi-regular
Posts: 18
Joined: Mon Oct 05, 2015 7:38 pm

Post by dustinandband » Fri Nov 27, 2015 2:04 pm

Hello,

I was wondering about any advanced dos/ddos protection methods you guys could recommend (links please) for making sure that a server is almost immune to dos/ddos attacks?

8:57 AM - dustin: Is the default NFO dos / ddos filtering good enough for a server group? As in, no firewall settings in the control panel and no ip tables. Another server admin who's new like me said that NFO automatically filtered a ddos for 11 days and sent him an email about it too. I was impressed as all this time I thought that ddos / dos protection needed to be set up
1:38 PM - √isor: it's not good enough if you have a high traffic server
1:38 PM - √isor: there are malicious packets that aren't filtered by nfo
1:38 PM - √isor: but they can cause severe lags and crashes on l4d2 servers
1:39 PM - √isor: without overwhelming any hardware resources or internet bandwidth
1:39 PM - √isor: it's called programmatic exploit dos
1:39 PM - √isor: there's a reason i'm asking for 40 bucks for my servers and not 10
1:40 PM - dustin: would sir's IP tables filter out those kinds of packets
1:40 PM - dustin: ah i see
1:40 PM - √isor: there is a lot to learn if you just want to play in peace without bothering to learn an overwhelming amount of technical subtleties to actually manage a confogl server in l4d2
1:40 PM - √isor: idk about it, try
1:41 PM - √isor: as far as i can tell his last settings were ok but if you want to make sure he posted them ask him personally
1:41 PM - √isor: w/e u find on his github can be severely outdated


The day I pay $40 for a highly configured L4D2 promod server is the day I'll off myself. I already own two promod servers of my own but I don't have any advanced dos/ddos protection and it's not as optimized as this guy's servers obviously. However, he did mention something, "programmatic exploit dos," which I never heard of before.

I plan on doing research and finding out things for myself but I figure if anyone's been there done that, so to speak, it would save a lot of time.

Sir's ip tables are in reference to https://github.com/SirPlease/IPTables

Thanks!

kraze
Staff
Posts: 4357
Joined: Fri Sep 17, 2010 9:06 am
Location: California

Re: Advanced ddos protection

Post by kraze » Sat Nov 28, 2015 1:09 pm

In some cases there are a few plugins you can install to patch some game exploits, but overall DDoS protection must be done at a network level (something we already do). Generally speaking, you shouldn't be too proactive in this department as you'll just run around driving yourself crazy thinking everything is a DDoS attack and that you need better protection.
@Kraze^NFo> Juski has a very valid point
@Juski> Got my new signature, thanks!
@Kraze^NFo> Out of context!
@Juski> Doesn't matter!
@Juski> You said I had a valid point! You can't take it back now! It's out there!

Edge100x
Founder
Posts: 12218
Joined: Thu Apr 18, 2002 11:04 pm
Location: Seattle

Re: Advanced ddos protection

Post by Edge100x » Sat Nov 28, 2015 4:55 pm

If you are attacked, make a packet capture and we can help you to work on filtering it.

He invented the term "programmatic exploit dos" but probably is just referring to "application-specific" or "layer-7" attacks that target application-level weaknesses in specific software. For instance, "split packet" attacks cause problems with Source games because of design problems with the software, and it takes very little traffic to take down a server with one. (That specific attack will show up in the server's console log if it is enabled.)

dustinandband
A semi-regular
Posts: 18
Joined: Mon Oct 05, 2015 7:38 pm

Re: Advanced ddos protection

Post by dustinandband » Mon Nov 30, 2015 8:59 am

Thanks for that info. He only told me after I told him I was inquiring about it on NFO that it was a made up term. I don't think I'll have a problem with ddos now thinking about it but always more safe than sorry :)

dustinandband
A semi-regular
Posts: 18
Joined: Mon Oct 05, 2015 7:38 pm

Re: Advanced ddos protection

Post by dustinandband » Sat Apr 02, 2016 3:06 pm

It's been a few months, and I just wanted to add that we did need some extra protection on top of NFO's default filtering system, in order to make sure there were no short server lags before the DDoS filter kicked in:

https://youtu.be/cr5oCivfmiE?t=1h14m5s

We ended up using sir's ip tables, in conjunction with relying on NFO's DDoS filtering system, to prevent this from happening in future games and tournaments. Seems to be working!
https://github.com/SirPlease/IPTables

kraze
Staff
Posts: 4357
Joined: Fri Sep 17, 2010 9:06 am
Location: California

Re: Advanced ddos protection

Post by kraze » Sat Apr 02, 2016 3:23 pm

I am glad to hear this. It seems like what you saw was an attack and the lag was just a delay from our system kicking in. Sadly, there is a short delay :/ We definitely recommend and will gladly help customers input filters via the Firewall tab in their control panel in an attempt to filter some additional traffic until our mitigation system kicks in and filters it entirely.

Edge100x
Founder
Posts: 12218
Joined: Thu Apr 18, 2002 11:04 pm
Location: Seattle

Re: Advanced ddos protection

Post by Edge100x » Mon Apr 04, 2016 1:00 am

Looking at that ruleset, most of those rules don't apply and some can cause performance problems. If they work for you, that's good -- keep it! -- but I would not recommend that customers apply them in general. Instead, targeted rules for the specific attacks that are being seen would be better.
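
Added example, not code from NFO or from any poster in this thread: a triage pass over the packet capture asked for earlier, counting UDP datagrams per source that carry the Source engine split-packet marker (0xFFFFFFFE), so a targeted rule can be based on what was actually seen. The game port 27015, the documentation-range addresses and the sample capture are assumptions constructed for the example; legitimate traffic can also carry this marker, so the counts are a starting point, not a verdict.

```python
import struct
from collections import Counter

SPLIT_HEADER = b"\xfe\xff\xff\xff"  # Source engine split-packet marker (-2, little-endian)

def udp_payloads(pcap):
    """Yield (src_ip, dst_port, payload) per IPv4/UDP frame of a classic LE Ethernet pcap."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    off = 24  # skip the global header
    while off + 16 <= len(pcap):
        incl_len, = struct.unpack_from("<I", pcap, off + 8)
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue  # not IPv4 carrying UDP
        udp = frame[14 + (frame[14] & 0x0F) * 4:]  # honour the IP header length
        if len(udp) < 8:
            continue
        src = ".".join(str(b) for b in frame[26:30])
        yield src, struct.unpack_from("!H", udp, 2)[0], udp[8:]

def split_packet_sources(pcap, game_port=27015):
    """Count split-marked datagrams per source IP sent to the game port."""
    hits = Counter()
    for src, dport, payload in udp_payloads(pcap):
        if dport == game_port and payload[:4] == SPLIT_HEADER:
            hits[src] += 1
    return hits

def _record(src, payload, dport=27015):
    """Build one constructed pcap record (Ethernet/IPv4/UDP, checksums left zero)."""
    udp = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(map(int, src.split("."))), bytes([192, 0, 2, 10]))
    eth = b"\x00" * 12 + b"\x08\x00" + ip + udp
    return struct.pack("<IIII", 0, 0, len(eth), len(eth)) + eth

# Constructed capture: documentation-range addresses, made-up payload bodies.
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    _record("198.51.100.7", SPLIT_HEADER + b"\x00" * 8),
    _record("198.51.100.7", SPLIT_HEADER + b"\x01" * 8),
    _record("203.0.113.5", b"\xff\xff\xff\xffTSource Engine Query\x00"),
    _record("203.0.113.9", SPLIT_HEADER + b"\x00" * 8, dport=53),
])

if __name__ == "__main__":
    for ip, n in split_packet_sources(SAMPLE).most_common():
        print(ip, n)
```

On a real capture, read the file as bytes and pass it to `split_packet_sources`; pcapng files and IP-fragmented datagrams are outside what this parser handles.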
