New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Protect (hide) game server IP address - Battlefield Bad Company 2
Anna_Parker
Member
Hello world!
I am running Battlefield Bad Company 2 server. Since we are getting DDoS attacks it is easy to deal with using hostings with strong antiddos protection (path.net FTW!). The problem is the game server is old (like Windows 7) and full of bugs and the attackers injects some data to crash server and/or drop all player's connections. Game server requires few ports UDP and TCP.
The question is:
How to run game server and hide real IP of server? It should look like this:
Attackers
^
v
My VPS Server < > Magic < > Master Server
^ /
v v
Players
What can be a magic here? Cloudflare enterprise solution is damn expensive. Any lowend? TIA.
Comments
You need to patch that. Otherwise no DDoS protection will cover you.
Identify the bugs and block them on with available server tools or at worst case, in the network level with string search for example, or hex search from each package.
You cannot "hide" an IP which you expect players to connect.
ipv6 will save you.
I think what they're saying is that the game server software is no longer maintained by it's developer, and since it's battlefield, not open source for OP or anyone else to fix.
DDoS mitigation can absolutely still help even if the software itself is vulnerable to exploits that occur over the network. It just needs to be a tailored solution, figure out what packets are being used to disrupt the legitimate traffic/crash the server, and discard them prior to them reaching the application.
I am not familiar with BFBC2, but usually server crashers send invalid or too many commands to server which causes it to use all available resources.
Here is example from CSGO
https://forums.alliedmods.net/showthread.php?t=284184
So to fight with that you can capture the packets, find common patterns and then block it on firewall. It will be a simple solution that may completely block it or not, depends on quality of the rule and if there's multiple methods.
If its server command spamming then you can play with rate limiting.
This will require you to spend a lot of time.
You can speedup process by finding exact hack that they use to crash server, as this is probably automated by some paid cheat.
If playerbase doesn't change that much you can have bulletproof firewall quite easily - default-deny on your firewall and allow only IPs/accounts that belong to X player. Some servers do it automatically via script/bot (for example ohnePixel's server in CS2 requires you to connect your Steam account to their Discord and you won't connect to server otherwise. If you join Discord and connect your Steam ID then you are able to connect. Trolls/crashers are basically non-existing, too much hassle for them.).