OVH Game Bypass - Be aware

FlorinMarian Member, Host Rep
edited October 2021 in Reviews

Hi, guys!
I come in front of you with my short story, which started a few minutes ago.
One of my customers, who rented some KVM machines, has an MMORPG p-server and announced his launch date for today.
What happened after his opening?
This.

Someone can bypass OVH Game Anti-DDoS, and his attack succeeded in freezing all IPs attached to that dedicated server, not only the DDoSed one.
I just want you to open your eyes if you plan to bet everything on OVH Game, as we did.

Best regards, Florin.

Thanked by 1risharde

Comments

  • exception0x876 Member, Host Rep, LIR

    AFAIK, OVH does not filter internal traffic coming from other OVH servers. The only workaround that I know is to get a server with 10 Gbps link so it is harder to bring it down.

    Thanked by 2AXYZE jonatha
  • MikeA Member, Patron Provider
    edited October 2021

    You must be new to OVH... Also you're using SoYouStart, and lack any control over the firewalls.

  • FlorinMarian Member, Host Rep

    @exception0x876 said:
    AFAIK, OVH does not filter internal traffic coming from other OVH servers. The only workaround that I know is to get a server with 10 Gbps link so it is harder to bring it down.

    Hi!
    There's no option to get 10 Gbps for the Game Servers range.
    Thank you for feedback!

  • FlorinMarian Member, Host Rep

    @MikeA said:
    You must be new to OVH...

    Hi!
    New seller, old customer.
    I never faced this kind of DDoS before.

  • deank Member, Troll

    I thought this was a necro thread.

  • MikeA Member, Patron Provider
    edited October 2021

    @FlorinMarian said:

    @MikeA said:
    You must be new to OVH...

    Hi!
    New seller, old customer.
    I never faced this kind of DDoS before.

    Just wait until you attract the VPN people since you are marketing OVH game, you will want to go to sleep and never wake up with the amount of DDoS issues and abuse.

  • From my observation, SYS Game does not work as well as normal GAME from OVH and is even worse than the normal range of servers. There are even bypasses on SYS that are not on the normal OVH network.

  • FlorinMarian Member, Host Rep

    @Matix8981 said:
    From my observation, SYS Game does not work as well as normal GAME from OVH and is even worse than the normal range of servers. There are even bypasses on SYS that are not on the normal OVH network.

    I would be happy to agree with you but I can't.
    There's no explicit difference between them except permanent mitigation.
    That makes sense before the attack is filtered, but I'm under mitigation and the issue still persists (~1 Gbps constant).

    Best regards, Florin.

  • @FlorinMarian said:

    @Matix8981 said:
    From my observation, SYS Game does not work as well as normal GAME from OVH and is even worse than the normal range of servers. There are even bypasses on SYS that are not on the normal OVH network.

    I would be happy to agree with you but I can't.
    There's no explicit difference between them except permanent mitigation.
    That makes sense before the attack is filtered, but I'm under mitigation and the issue still persists (~1 Gbps constant).

    Best regards, Florin.

    As mentioned above, it's because the attack is from another OVH server & you can't set custom rules on SYS.

    Thanked by 1FlorinMarian
  • FlorinMarian Member, Host Rep

    @SirFoxy said:

    @FlorinMarian said:

    @Matix8981 said:
    From my observation, SYS Game does not work as well as normal GAME from OVH and is even worse than the normal range of servers. There are even bypasses on SYS that are not on the normal OVH network.

    I would be happy to agree with you but I can't.
    There's no explicit difference between them except permanent mitigation.
    That makes sense before the attack is filtered, but I'm under mitigation and the issue still persists (~1 Gbps constant).

    Best regards, Florin.

    As mentioned above, it's because the attack is from another OVH server & you can't set custom rules on SYS.

    May I know which Firewall rules can be used to be covered against internal attacks?
    Thank you!

  • @FlorinMarian said:

    @SirFoxy said:

    @FlorinMarian said:

    @Matix8981 said:
    From my observation, SYS Game does not work as well as normal GAME from OVH and is even worse than the normal range of servers. There are even bypasses on SYS that are not on the normal OVH network.

    I would be happy to agree with you but I can't.
    There's no explicit difference between them except permanent mitigation.
    That makes sense before the attack is filtered, but I'm under mitigation and the issue still persists (~1 Gbps constant).

    Best regards, Florin.

    As mentioned above, it's because the attack is from another OVH server & you can't set custom rules on SYS.

    May I know which Firewall rules can be used to be covered against internal attacks?
    Thank you!

    Afaik the firewall can't be used to filter internal attacks. You could grab the IP and manually block it and report it to OVH.

  • sandoz Veteran
    edited October 2021

    Stressers / Booters have a bypass for OVH, even for nForce and other protected servers.

    This is the game of cat & rat; whoever has better weapons wins.

    Why not use a reverse proxy and block there?

    To be honest, most DDoS attacks happen because of conflicts with members or players. Of course, there is always a kid waiting to make attacks for no reason.

    Try to ignore it to see if they stop. Sometimes it is just an attack and they forget after some days or hours.

    Thanked by 1MikeA
  • FlorinMarian Member, Host Rep

    @sandoz said:
    Stressers / Booters have a bypass for OVH, even for nForce and other protected servers.

    This is the game of cat & rat; whoever has better weapons wins.

    Why not use a reverse proxy and block there?

    To be honest, most DDoS attacks happen because of conflicts with members or players. Of course, there is always a kid waiting to make attacks for no reason.

    Try to ignore it to see if they stop. Sometimes it is just an attack and they forget after some days or hours.

    Ignoring it isn't a feasible solution because the attacker asked him for 200 EUR to stop the attacks, and it also disturbs the whole dedicated server (4 other Game servers); we cannot afford 4 services down for only one customer.

    I'd really appreciate it if someone could share their ideas about how to prevent internal attacks without locking other features.

    Best regards, Florin.

  • OVH protection is largely bypassed by several MJJs, you will probably need to look for providers that can fix the flaws quickly (Path, Psychz?)

    That's just what I have to say with years of hosting Minecraft servers

  • Ght Member

    True story, OVH is no longer protected.
    Stressers can bypass the filters.

  • The best mjj protection is to distract them into attacking the wrong target.

  • This is old news. I have been able to take down ovh servers for years, and it still works.

    For educational purposes, of course.

  • @Pappeske said:
    This is old news. I have been able to take down ovh servers for years, and it still works.

    For educational purposes, of course.

    of course...

    Thanked by 1pike
  • Neoon Community Contributor, Veteran
    edited October 2021

    Does this surprise you?

    The DDoS protection can only mitigate stuff it knows and can detect.
    There will always be ways to bypass it.

    Especially, the in-house DDoS attack issues, where you get cybered to the moon.

  • I assume the servers are just for cheap i7, beside less of knowledge.

  • FlorinMarian Member, Host Rep

    @ascicode said:
    I assume the servers are just for cheap i7, beside less of knowledge.

    Servers are SyS because our customer range will never produce monthly income if we deliver OVH at 115Eur + VAT monthly (same amount of RAM/Disk space).

    Best regards, Florin.

  • yoursunny Member, IPv6 Advocate
    edited October 2021

    How I deal with attackers:

    1. Post their IP on this forum.
    2. Put them on the naughty list.
    3. Invite them to come out and duel at dawn.

    Mentally strong people stand up to bullies, instead of hiding behind OVH.
    https://www.lowendtalk.com/discussion/comment/3271653/#Comment_3271653

    Best regards, push-up specialist.

    Thanked by 1TimboJones
  • FlorinMarian Member, Host Rep
    edited October 2021

    @yoursunny said:
    How I deal with attackers:

    1. Post their IP on this forum.
    2. Put them on the naughty list.
    3. Invite them to come out and duel at dawn.

    Mentally strong people stand up to bullies, instead of hiding behind OVH.
    https://www.lowendtalk.com/discussion/comment/3271653/#Comment_3271653

    Best regards, push-up specialist.

    Thank you for the reply!
    Unfortunately I just started to learn Networking Fundamentals at Faculty, and also in parallel to go deeper.
    As for posting their IPs, that isn't possible due to the fact that he uses fake IPs to fill my NIC with fake UDP packets, which aren't filtered by OVH and normally shouldn't ever arrive at my server's NIC.
    Until I'm able to invite them to a "duel at dawn", I'll spend my time learning and trying different things which seem suitable for my problem.

    Best regards, Florin.

  • @FlorinMarian said:
    Hi, guys!
    I come in front of you with my short story, which started a few minutes ago.
    One of my customers, who rented some KVM machines, has an MMORPG p-server and announced his launch date for today.
    What happened after his opening?
    This.

    Someone can bypass OVH Game Anti-DDoS, and his attack succeeded in freezing all IPs attached to that dedicated server, not only the DDoSed one.
    I just want you to open your eyes if you plan to bet everything on OVH Game, as we did.

    Best regards, Florin.

    Another thing you can do is filter the packets that enter the server with iptables if you are using Linux.

  • FlorinMarian Member, Host Rep

    @yosoyhendrix said:

    @FlorinMarian said:
    Hi, guys!
    I come in front of you with my short story, which started a few minutes ago.
    One of my customers, who rented some KVM machines, has an MMORPG p-server and announced his launch date for today.
    What happened after his opening?
    This.

    Someone can bypass OVH Game Anti-DDoS, and his attack succeeded in freezing all IPs attached to that dedicated server, not only the DDoSed one.
    I just want you to open your eyes if you plan to bet everything on OVH Game, as we did.

    Best regards, Florin.

    Another thing you can do is filter the packets that enter the server with iptables if you are using Linux.

    There are multiple OSes and unfortunately I didn't find specific rules to check if IPs are real, and packets as well, before the NIC is already overloaded with fake packets.

    Thank you for suggestion.

    Best regards, Florin.

  • Vova1234 Member, Patron Provider

    This is also an old problem. Many pests attack servers in this way and clog the channel to the maximum.

    I wrote to them about this problem many times a long time ago. 2 years ago already. But no one cares.

  • solution is simple: don't sell/promise services that you can't deliver/hold up to, to clients that attract such shit or abuse you without thinking twice, on top at unsustainable pricing.

    there is no margin, and you simply betray yourself by thinking this is a market you want to be into and can succeed.

    our customer range will never produce monthly income if we deliver OVH at 115Eur

    wrong customer range then. get rid of them. problem fixed.

  • stefeman Member
    edited October 2021

    If you are intentionally selling OVH servers to people that abuse the server by stress testing it with illegal websites/tools, or using it for XBOX/PSN VPNs, you are better off with OVH Infra range server and strong CPU rather than Game range, since Infra range has 10Gbps NIC and 10Gbps downstream and 2Gbps upstream burst.

    With 10G downstream, the server is far less likely to be saturated by the anti-DDoS leaks than OVH Game, which can climb quite high. Infra also comes with better CPUs at the higher end (Infra 3 and Infra 4), so you can generally apply iptables rules to address the leaking traffic at node level towards individual KVM servers that are running on the machine, with much of the excess CPU power still left for KVM servers.

    It will still be a quite tight balance between downtime and lag, but at least other customers on the node are less likely to be affected if you have 10G port and strong CPU paired with solid iptables against the leaking traffic.

    Thanked by 2FlorinMarian MikeA
  • I was like you for two weeks. Octave himself helped us to block the IPs that attacked us (from ovh), he blocked them and blocked the client accounts that his servers used to attack. He promised to fix the internal attacks but did nothing. It is a pity. OVH is great but you must listen to your customers.

  • FlorinMarian Member, Host Rep

    @Police said:
    I was like you for two weeks. Octave himself helped us to block the IPs that attacked us (from ovh), he blocked them and blocked the client accounts that his servers used to attack. He promised to fix the internal attacks but did nothing. It is a pity. OVH is great but you must listen to your customers.

    Thank you for your feedback!
    Unfortunately the attacks received aren't internal ones. I've caught a few hundred IPs and they're randomly all around the world.
    Someone who attacked me for test purposes said that it's only necessary to spoof fake IP addresses and fake UDP packets to take it down. I was happy because I'd blocked a few hundred IPs, but it had no effect due to the fact that other IPs sent the next attack.

    Best regards, Florin.
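
Added example, not part of any post in this thread: a small Python model of why the source-IP blocklist described in the last post had no effect on the next wave, and how a per-destination cap of the kind the iptables suggestions point toward behaves instead. The packet samples are constructed; the addresses (documentation ranges), port 27015, thresholds and function names are assumptions made for illustration.

```python
import random
from collections import Counter

def make_wave(seed, n_packets, dst="203.0.113.10", dport=27015):
    """Constructed sample: one attack wave of UDP packets, each with a
    random (spoofed-looking) source address, aimed at one guest IP/port."""
    rng = random.Random(seed)
    return [(f"{rng.randrange(1, 224)}.{rng.randrange(256)}."
             f"{rng.randrange(256)}.{rng.randrange(1, 255)}", dst, dport)
            for _ in range(n_packets)]

def blocklist_coverage(blocked, wave):
    """Fraction of packets in `wave` whose source is already blocked."""
    return sum(1 for src, _, _ in wave if src in blocked) / len(wave)

def looks_spoofed(wave, min_sources=100, max_pkts_per_src=2.0):
    """Heuristic: very many distinct sources, each sending almost nothing."""
    per_src = Counter(src for src, _, _ in wave)
    return (len(per_src) >= min_sources
            and len(wave) / len(per_src) <= max_pkts_per_src)

def dest_rate_limit(wave, budget):
    """Source-independent cap: pass at most `budget` packets per
    (dst ip, dst port) in this interval and drop the rest."""
    passed = Counter()
    for _, dst, dport in wave:
        if passed[(dst, dport)] < budget:
            passed[(dst, dport)] += 1
    return sum(passed.values())

if __name__ == "__main__":
    wave1, wave2 = make_wave(1, 5000), make_wave(2, 5000)
    # Block the first 300 sources captured during the first wave.
    blocked = {src for src, _, _ in wave1[:300]}
    print("spoofed-looking:", looks_spoofed(wave2))
    print("wave 2 share hit by wave 1 blocklist:",
          blocklist_coverage(blocked, wave2))
    print("packets passed by per-destination cap:",
          dest_rate_limit(wave2, 500))
```

The cap does not tell players from flood packets, so in this model it bounds what reaches the targeted guest and the node, while legitimate traffic to that one guest is dropped along with the rest.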
