Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Looking for remote DDoS protection/migitation
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Looking for remote DDoS protection/migitation

Hello!

I am looking for remote DDoS protection/migitation.
I want to home host a server, and I only need DDoS protection and then I'm set.

My home server is going to have Ubuntu 16.04 LTS.
I currently have a gigabit residential connection with Comcast. (I'll be getting a business connection soon)
I have a TPLink router and an Orbi mesh system, along with an XFI Modem.
I live in New Jersey.
I need to be able to open all of the ports as I'm running game servers.

I've been recently looking into https://x4b.net, which uses GRE Tunneling. I'm not sure if it'll work, however it seems very promising.

I've also been looking into purchasing a DDoS protected VPS and running OpenVPN on my router, then opening all the ports. I'm not sure if this will work.

I'm looking for something cheap.
Any suggestions?

Comments

  • Given you're running game servers, you probably want something close. You could probably look at getting one of BuyVM's slices, given they have a location in New Jersey, add on a DDoS-protected IP and run a GRE tunnel back to your place. Bam, unmetered bandwidth.

  • SplitIceSplitIce Member, Host Rep

    Home network will make everything difficult, especially if you don't have a Static IP - or have CGNAT.

  • @SplitIce said:
    Home network will make everything difficult, especially if you don't have a Static IP - or have CGNAT.

    OpenVPN tunnel solves this. He will use VPN IP and open ports from the VPS.

  • Check: https://lowendtalk.com/discussion/156850/howto-tunnel-ddos-protected-ovh-ip-to-vms-in-other-datacenter#latest

    With a little modification and GRE forwarding, it's possible at home. I've done it.

  • ntupntup Member

    Try ddos-guard or hi-load systems company

  • FrozenPvPsFrozenPvPs Member
    edited June 2019

    @jordynegen11 said:
    Check: https://lowendtalk.com/discussion/156850/howto-tunnel-ddos-protected-ovh-ip-to-vms-in-other-datacenter#latest

    With a little modification and GRE forwarding, it's possible at home. I've done it.

    Thanks for this, I'll try it. Where can I find my IP block? (I only have 1 other IP)

    @Boltersdriveer said:
    Given you're running game servers, you probably want something close. You could probably look at getting one of BuyVM's slices, given they have a location in New Jersey, add on a DDoS-protected IP and run a GRE tunnel back to your place. Bam, unmetered bandwidth.

    I'll try this however, BuyVM slices are only available in LA.

    @ntup said:
    Try ddos-guard or hi-load systems company

    For ddos-guard you need a company/business with a datacenter.

  • FHRFHR Member, Host Rep

    You can't do GRE unless you have a static IP.
    Just want to do OpenVPN or PPTP. Get an OVH or BuyVM VPS (yes, there's a NY location).

    Thanked by 1vimalware
  • For me i use ESET internet security. It seems to help out alot. Suggest using that if u want complete protection. Another thing is modsecurity with IIS (Internet Information Service).

  • ClouviderClouvider Member, Patron Provider

    Don’t run game servers at home. Buy a VPS or a Dedicated on a protected network and be done with it

    Thanked by 2vimalware Ole_Juul
  • FHRFHR Member, Host Rep
    edited June 2019

    thoughtsignal said: For me i use ESET internet security.

    Useless.

    thoughtsignal said: modsecurity with IIS (Internet Information Service).

    Again, useless against DDOS. Also LOL at using IIS.

    Thanked by 2vimalware maverickp
  • eva2000eva2000 Veteran
    edited June 2019

    FrozenPvPs said: I am looking for remote DDoS protection/migitation.

    I want to home host a server, and I only need DDoS protection and then I'm set.

    not sure if Argo tunnel from Cloudflare would be suited - they have free version now https://blog.cloudflare.com/a-free-argo-tunnel-for-your-next-project/

    Most importantly, Argo Tunnel helps shield your origin by simplifying the firewall rules you need to configure. Argo Tunnel makes outbound calls to the Cloudflare network and proxies requests back to your server. You can then disable all ingress to the machine and ensure that Cloudflare’s security features always stand between your server and the rest of the Internet. In addition to secure, we made it fast. The connection uses our Argo Smart Routing technology to find the most performant path from your visitors to your origin.

  • ntupntup Member

    @eva2000 said:

    FrozenPvPs said: I am looking for remote DDoS protection/migitation.

    I want to home host a server, and I only need DDoS protection and then I'm set.

    not sure if Argo tunnel from Cloudflare would be suited - they have free version now https://blog.cloudflare.com/a-free-argo-tunnel-for-your-next-project/

    Most importantly, Argo Tunnel helps shield your origin by simplifying the firewall rules you need to configure. Argo Tunnel makes outbound calls to the Cloudflare network and proxies requests back to your server. You can then disable all ingress to the machine and ensure that Cloudflare’s security features always stand between your server and the rest of the Internet. In addition to secure, we made it fast. The connection uses our Argo Smart Routing technology to find the most performant path from your visitors to your origin.

    You will never make the normal protection of the game server at home. Just remember this.

  • jordynegen11jordynegen11 Member
    edited June 2019

    @FHR said:
    You can't do GRE unless you have a static IP.
    Just want to do OpenVPN or PPTP. Get an OVH or BuyVM VPS (yes, there's a NY location).

    Not true,

    You can make a automatic script that checks the IP every 1 minute and edit it on both sides if needed.

    Here in de Netherlands a dynamic IP only changes ones per year anyways as long you don't replace your router or change the MAC address of your router.

  • @FrozenPvPs said:

    @jordynegen11 said:
    Check: https://lowendtalk.com/discussion/156850/howto-tunnel-ddos-protected-ovh-ip-to-vms-in-other-datacenter#latest

    With a little modification and GRE forwarding, it's possible at home. I've done it.

    Thanks for this, I'll try it. Where can I find my IP block? (I only have 1 other IP)

    A subnet is required /28 at least.

  • The problem of running a home server is you will need a static ip which most internet providers don't give. They rotate ips about four times a day.

  • FHRFHR Member, Host Rep

    @jordynegen11 said:

    @FHR said:
    You can't do GRE unless you have a static IP.
    Just want to do OpenVPN or PPTP. Get an OVH or BuyVM VPS (yes, there's a NY location).

    Not true,

    You can make a automatic script that checks the IP every 1 minute and edit it on both sides if needed.

    Here in de Netherlands a dynamic IP only changes ones per year anyways as long you don't replace your router or change the MAC address of your router.

    It's unreliable. Also, a lot of ISPs firewall you off (or straight up CG-NAT you) unless you pay for a static IP.

  • Maybe try wireguard. It's supposedly better with seamless IP roaming.

  • SplitIceSplitIce Member, Host Rep
    edited June 2019

    @stefeman said:

    @SplitIce said:
    Home network will make everything difficult, especially if you don't have a Static IP - or have CGNAT.

    OpenVPN tunnel solves this. He will use VPN IP and open ports from the VPS.

    Not really, it's quite a problematic solution for anyone who wants reliable uptime. I've done a few posts historically on why this is, I won't repeat myself there.

    re; Dynamic IPs and CGNAT. At the end of the day if your ISP changes your IP, you will loose all connections while all elements in your networking stack reconnect and resume (PPOE -> OVPN).

    Wireguard in the near future (or possibly now - if you are running an edgier kernel than I) may be the solution for some of OpenVPNs issues for this application though. From what I've seen session resumption speed and overal performance is quite good - assuming your ISPs IP switches are fast, and your stack layers stateless (i.e not PPPOE) you might not loose all the connections.

    Rather than spending money on upgrading to a Biz connection, spending on a proper hosted server is likely a better use of his/her money.

    Thanked by 1FHR
  • @FHR said:

    @jordynegen11 said:

    @FHR said:
    You can't do GRE unless you have a static IP.
    Just want to do OpenVPN or PPTP. Get an OVH or BuyVM VPS (yes, there's a NY location).

    Not true,

    You can make a automatic script that checks the IP every 1 minute and edit it on both sides if needed.

    Here in de Netherlands a dynamic IP only changes ones per year anyways as long you don't replace your router or change the MAC address of your router.

    It's unreliable. Also, a lot of ISPs firewall you off (or straight up CG-NAT you) unless you pay for a static IP.

    @VPSoffshore said:
    The problem of running a home server is you will need a static ip which most internet providers don't give. They rotate ips about four times a day.

    My provider never really gives new IP's.
    I once had the same IP for 1 year straight. The only time my IP has changed was when I upgraded internet speeds.

    Anyways, if it's really needed, I can easily switch to Comcast Business or ask for a static IP. + I'm pretty sure extra IP's are already static.

  • FHRFHR Member, Host Rep

    FrozenPvPs said: Anyways, if it's really needed, I can easily switch to Comcast Business or ask for a static IP. + I'm pretty sure extra IP's are already static.

    I'll agree with others in this thread - leasing a dedicated server from some provider (OVH?) is a money much better spent than paying for a business line + tunneling.

    Thanked by 1jordynegen11
  • MasonRMasonR Community Contributor
    edited June 2019

    FrozenPvPs said: gigabit residential connection with Comcast

    Keep in mind that Comcast is notorious for giving shit upload speeds, even with their high bandwidth packages. I think the upload speeds on the 1gig plans are ~30 Mbps. Pitiful. They do this to discourage exactly this (hosting services at home).

Sign In or Register to comment.