[HOWTO] Tunnel DDoS protected OVH IP to VM's in other datacenter - Page 3

Comments

  • Ixel Member
    edited October 2021

    Hi again,
    I've been playing around with this on another network, one that's ranked quite highly on CAIDA's AS Ranking (#88), Voxility. OVH is ranked #3315. Anyway, the IP address setup is somewhat similar to OVH's vrack: you have a gateway IP on the same subnet and some IPs are unusable (network, broadcast, gateway). I've been having problems applying this guide due to that, but I have finally found a solution after hours and hours of playing around. All I had to do was publish an ARP entry for one or more of the IP addresses so the network's router would then start sending traffic to the server without the server using one or more of these IP addresses. Some policy routing may still be needed, but my method may not work with OVH's vrack still. I'll know soon and if it works I'll share the details of how I did it.

    I don't know the exact process of how to do this in Linux, as I've been using MikroTik's RouterOS (CHR) on a virtual machine instead. However, I'm wondering if a similar principle and setup may now work for OVH's vrack too. This is something I will be trying soon and I'll post again once I have. In the meantime this might perhaps give someone some ideas if anyone's still trying to get vrack to work with this guide.

    I'll be back here again with another post as soon as I've tried a similar approach with OVH's vrack.

    EDIT: The reason I've been trying Voxility is due to the problems I've previously had with congestion somewhere on the route my ISP connection takes to the OVH server. So far I've not had this problem with Voxility (direct connection, not via a third party VPN like Mullvad - which I did as a workaround for the problem with OVH), so I may eventually switch over to them permanently.
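A Linux sketch of the "publish an ARP entry" idea from the post above, added here as an example; it is not from the thread, where the poster used RouterOS. The interface names `eth0` (WAN) and `gre1` (tunnel) and the address 203.0.113.10 are assumptions standing in for real values.

```shell
#!/bin/sh
# Added example, not the thread author's configuration.
# Assumed names: WAN interface eth0, tunnel interface gre1, and the
# documentation address 203.0.113.10 are placeholders.

# Print the commands that make this host answer ARP for each tunnelled IP
# on the WAN side and forward that IP into the tunnel. Nothing is executed.
proxy_arp_plan() {
    wan=$1; tun=$2; shift 2
    # Linux only answers proxy ARP on an interface that forwards packets.
    echo "sysctl -w net.ipv4.ip_forward=1"
    for ip in "$@"; do
        # Shape check only: reject anything that is not dotted-quad.
        if ! printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
            echo "invalid IPv4 address: $ip" >&2
            return 1
        fi
        # Route first: the proxy entry is honoured only when the route to
        # the IP leaves through a different device than the ARP request.
        echo "ip route replace $ip/32 dev $tun"
        # Publish the ARP entry without assigning the IP to this host.
        echo "ip neigh add proxy $ip dev $wan"
    done
}

# Dry run with the constructed values; pipe the output to sh as root to apply.
proxy_arp_plan eth0 gre1 203.0.113.10
```

`ip neigh show proxy` lists the published entries afterwards.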

  • @Ixel said:
    [truncated]

    Sadly, that idea doesn't work with OVH's vrack. Presumably their router ignores or blocks this kind of setup (possibly for security reasons or simply just their unique way of implementing things?). I'm officially out of ideas on how one might get this working with OVH's vrack; however, the ARP idea may also work on various other providers with a similar setup for the IPv4 addresses, like it did for me on Voxility.

    Good luck and hopefully it gave someone some insight or other ideas.

  • neobenedict Member
    edited October 2021

    OVH firewall will block many types of UDP traffic, including WireGuard, when you have DDoS protection enabled (i.e. you are under attack). You need two public IPs (your public IP with DDoS protection on, and a private IP with DDoS protection off and not known to any attacker for the tunnel) for most "tunnelling" like this to work properly.

  • Good guide, thanks, but traceroute shows the IP on both ends. How can you do this guide behind a NAT?

  • @Ixel said:
    Hi again,
    I've been playing around with this on another network, one that's ranked quite highly on Caida's AS Ranking (#88), Voxility.

    The last time I interacted with Voxility I came away with the impression that they don't have enough bandwidth to properly host a mitigation service. Might be fine for smaller attacks, but not for larger floods.
