Looking for remote DDoS protection/migitation
FrozenPvPs
Member
Hello!
I am looking for remote DDoS protection/migitation.
I want to home host a server, and I only need DDoS protection and then I'm set.
My home server is going to have Ubuntu 16.04 LTS.
I currently have a gigabit residential connection with Comcast. (I'll be getting a business connection soon)
I have a TPLink router and an Orbi mesh system, along with an XFI Modem.
I live in New Jersey.
I need to be able to open all of the ports as I'm running game servers.
I've been recently looking into https://x4b.net, which uses GRE Tunneling. I'm not sure if it'll work, however it seems very promising.
I've also been looking into purchasing a DDoS protected VPS and running OpenVPN on my router, then opening all the ports. I'm not sure if this will work.
I'm looking for something cheap.
Any suggestions?
Comments
Given you're running game servers, you probably want something close. You could probably look at getting one of BuyVM's slices, given they have a location in New Jersey, add on a DDoS-protected IP and run a GRE tunnel back to your place. Bam, unmetered bandwidth.
Home network will make everything difficult, especially if you don't have a Static IP - or have CGNAT.
OpenVPN tunnel solves this. He will use VPN IP and open ports from the VPS.
Check: https://lowendtalk.com/discussion/156850/howto-tunnel-ddos-protected-ovh-ip-to-vms-in-other-datacenter#latest
With a little modification and GRE forwarding, it's possible at home. I've done it.
Try ddos-guard or hi-load systems company
Thanks for this, I'll try it. Where can I find my IP block? (I only have 1 other IP)
I'll try this however, BuyVM slices are only available in LA.
For ddos-guard you need a company/business with a datacenter.
You can't do GRE unless you have a static IP.
Just want to do OpenVPN or PPTP. Get an OVH or BuyVM VPS (yes, there's a NY location).
For me i use ESET internet security. It seems to help out alot. Suggest using that if u want complete protection. Another thing is modsecurity with IIS (Internet Information Service).
Don’t run game servers at home. Buy a VPS or a Dedicated on a protected network and be done with it
Useless.
Again, useless against DDOS. Also LOL at using IIS.
I want to home host a server, and I only need DDoS protection and then I'm set.
not sure if Argo tunnel from Cloudflare would be suited - they have free version now https://blog.cloudflare.com/a-free-argo-tunnel-for-your-next-project/
You will never make the normal protection of the game server at home. Just remember this.
Not true,
You can make a automatic script that checks the IP every 1 minute and edit it on both sides if needed.
Here in de Netherlands a dynamic IP only changes ones per year anyways as long you don't replace your router or change the MAC address of your router.
A subnet is required /28 at least.
The problem of running a home server is you will need a static ip which most internet providers don't give. They rotate ips about four times a day.
It's unreliable. Also, a lot of ISPs firewall you off (or straight up CG-NAT you) unless you pay for a static IP.
Maybe try wireguard. It's supposedly better with seamless IP roaming.
Not really, it's quite a problematic solution for anyone who wants reliable uptime. I've done a few posts historically on why this is, I won't repeat myself there.
re; Dynamic IPs and CGNAT. At the end of the day if your ISP changes your IP, you will loose all connections while all elements in your networking stack reconnect and resume (PPOE -> OVPN).
Wireguard in the near future (or possibly now - if you are running an edgier kernel than I) may be the solution for some of OpenVPNs issues for this application though. From what I've seen session resumption speed and overal performance is quite good - assuming your ISPs IP switches are fast, and your stack layers stateless (i.e not PPPOE) you might not loose all the connections.
Rather than spending money on upgrading to a Biz connection, spending on a proper hosted server is likely a better use of his/her money.
My provider never really gives new IP's.
I once had the same IP for 1 year straight. The only time my IP has changed was when I upgraded internet speeds.
Anyways, if it's really needed, I can easily switch to Comcast Business or ask for a static IP. + I'm pretty sure extra IP's are already static.
I'll agree with others in this thread - leasing a dedicated server from some provider (OVH?) is a money much better spent than paying for a business line + tunneling.
Keep in mind that Comcast is notorious for giving shit upload speeds, even with their high bandwidth packages. I think the upload speeds on the 1gig plans are ~30 Mbps. Pitiful. They do this to discourage exactly this (hosting services at home).
https://www.psychz.net/ddos-mitigation.html
https://ddos-guard.net/ not sure about this site but looks interesting.
https://javapipe.com/ddos-protection/