New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
If you have OVH's PRO DDOS protection with firewall rules properly setup, this won't happen. I have tested it for lot of time & my servers have been subject of big UDP amplification attacks. OVH's DDoS protection really works if you know how to utilize it properly.
Would you care to test with me? PM your skype please if you want to.
@K2Bytes
You seem really confident about OVH's protection all the time. If they are truely that good then you should be having no problem with accepting @CNSjack 's offer to confirm your claims.
PM'ed
What I witnessed with @CNSJack was that OVH does leak some spoofed UDP packets during an attack but there was no effect on the game server & everything worked like it normally would. I was in the game server & I saw no timeouts, traffic drops or ping jumps for a second even.
I sent about 80mbps traffic, and OVH leaked 70mbps. If the game server stays up and no lag all these time, then it's a very well optimized game server, unfortunately I don't have a good script to send large traffic in order to saturate the server uplink.
#Update
Staminus successfully adjusted their network filtering systems to hold off those Source Engine based floods without impacting the gameserver in any way. Hosthatch has been very helpful in the process as the middleman, I definitly recommend them!
@CNSjack showed me that 80mbps udp takes down RamNode DDoS filtered IPs, also an iwstack server (with light DDoS protection) had 50% packet loss.
Does it hold off spoofed udp attacks? would be truely amazing if it does.
I'm pretty confident that @CNSjack isn't your average mad kid that just launches a random ddos attack out of the wild using a cheap $7 booter because he got banned from a gameserver. He seems to know what he is doing.
I Just want to prove that most providers are not able to filter spoofed udp unless specialized app filters in place which is very rare. Seems lots people don't know that though.
Still, it's very worrying, that RamNode even nullrouted for this attack and it was far away from 2mio pps, the attacker would only have to send some attacks and soon the attacked would be nullrouted 24 hours despite having a DDoS protected IP. Seems like they use a system similar to nodewatch and any attack that leaks atleast 160k pps would trigger a nullroute, even behind their filtered IPs.
I dont know if the term "shared ddos protection" come in play with this matter but yeah, I wouldn't like that result either.
Just wanted to say thanks for the interesting & informative posts. Do the attributes of the UDP protocol contribute to the complexity of mitigation solutions? Being a stateless protocol that lacks the "organizational" features of TCP, it seems that the amount of traffic generated by an attack utilizing the UDP protocol is much greater than that of a TCP-based attack as well.