Question OVH my game server being disconnected by ddos?

TheBeastMC

Active Member
Joined
Mar 3, 2016
Messages
83
Points
71
Location
Germany
Yes change host.
@denka I don't think "Yes change host." is a good software to filter malicious game traffic. I see, you clearly read & understood his question.

I am trying a new set of rules, although they didn't help:
@Graymanflo No comment to the pic ... I just don't think the first 4 rules are correct. The rest looks ok.

OVH and its Game firewall are failing more than ever now and they don't seem to care, besides it takes them 48h to answer most of the time. There are better solutions out there that get these problems solved in minutes, like blazingfast.io
@denka I have the same feeling that OVH doesn't care about their GAME firewall anymore. I get more and more attacks that go through and I have to filter them by myself ... But no way is Blazingfast a better solution than OVH GAME xDDD You didn't mean this seriously?

Let me know when you find ANYONE that has a method to drop blazingfast. And I'll let you know how many there are for OVH, OVH PRO and OVH Game. Oh wait, guess we have one of the game clients saying he's going down right here, so forget that one.
@denka Well, blazingfast writes on their website that they have a special ts3 protection, but don't filter any ts3 attacks (I think they filter TS3INIT1 packets, but that's it). I did not test every attack, but I'm pretty sure most attacks I receive here at OVH GAME go through blazingfast too :)

There's no software that can protect from a DDoS
@denka Have you heard of iptables yet? :)
 

denka

Restricted
Joined
Apr 26, 2015
Messages
224
Points
66
I'll end any discussion with anyone once they think that iptables can stop a DDoS. Do you even know the difference between DoS and DDoS? You must be talking about DoS. FFS, I won't even bother to reply with anything else. Have a good one, DEVELOPER, hope you get a job at OVH soon.
 

TheBeastMC

Active Member
Joined
Mar 3, 2016
Messages
83
Points
71
Location
Germany
@denka Yes, of course I think that you can stop DoS or DDoS attacks with iptables. I do that on some VPS that get attacked with special exploits.

As I exactly know that you cannot imagine an example where iptables stops an attack (maybe because you never inspected any packets of an attack yet), here is one:
My TS3 server gets attacked with a specific payload, that causes the TS3 server to use 100% cpu and thus it lags / is down. Network is fine (~50 Mbit/s down). A typical L7 attack (L7 = Application Layer).
The attack does not get filtered from the firewall, so I make a tcpdump of it and see that it's a specific payload that is sent over and over again.
I create an iptables rule that simply drops the packets before they reach the TS3 server and everything is fine.

Of course, this is not always the case (e.g. when the attack is greater than your server's bandwidth / CPU) and I never said that, but in theory it's possible to filter anything with iptables when you have enough bandwidth & CPU for it.
 

TheBeastMC

Active Member
Joined
Mar 3, 2016
Messages
83
Points
71
Location
Germany
@Graymanflo It would be best if you manage to start the tcpdump a second before the attack starts and then let it record the attack (until 100000 packets).
As I think that's not possible in your situation, you can provide me a dump just of the attack and one of normal traffic too.
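
Added example, not part of the original posts: the workflow described in the two posts above (capture the attack, compare it with normal traffic, drop the repeated payload), sketched in Python. The payloads are constructed, and the port 9987 (TS3's default voice port) and the 80% threshold are assumptions; the script only prints a candidate rule for an admin to review.

```python
from collections import Counter

# Constructed UDP payloads (hex); not real TS3 traffic.
ATTACK = [   # capture taken while the server sat at 100% CPU
    "a1b2c3d4e5f60001", "a1b2c3d4e5f60002", "a1b2c3d4e5f60003",
    "a1b2c3d4e5f60004", "1122334455667788",
]
BASELINE = [  # capture of normal traffic
    "1122334455667788", "99aabbccddeeff00", "00a1b2c3ffee0011",
]


def attack_signature(attack, baseline, min_share=0.8, min_len=4):
    """Longest payload prefix shared by >= min_share of the attack packets
    that never occurs in the baseline; None if there is no safe candidate."""
    atk = [bytes.fromhex(p) for p in attack]
    base = [bytes.fromhex(p) for p in baseline]
    if not atk:
        return None
    for n in range(max(map(len, atk)), min_len - 1, -1):
        prefix, hits = Counter(p[:n] for p in atk if len(p) >= n).most_common(1)[0]
        if hits / len(atk) >= min_share:
            # The iptables string match scans the whole packet, so a baseline
            # packet containing these bytes at any offset would be dropped too.
            return None if any(prefix in b for b in base) else prefix
    return None


def iptables_rule(sig, port, proto="udp"):
    """Render a DROP rule for the signature using the iptables string match."""
    return (f"iptables -I INPUT -p {proto} --dport {port} -m string "
            f"--algo bm --hex-string '|{sig.hex()}|' -j DROP")


if __name__ == "__main__":
    sig = attack_signature(ATTACK, BASELINE)
    # 9987 is an assumed port (TS3 default voice port); use your server's own.
    print(iptables_rule(sig, 9987) if sig else "no safe signature found")
```

A rule like this only helps in the case the post describes, where the flood fits inside the server's bandwidth and CPU budget.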
 

Graymanflo

Member
Joined
Dec 23, 2015
Messages
15
Points
35
Age
28
I see @TheBeastMC, this is my first time using tcpdump but wouldn't this be better in my case?
tcpdump -i 2 port 25200 -c 100000 -n > C:\Users\Administrator\Desktop\Dump\ddos.pcap
(The interface is 2 and -n makes it show IP rather than hostnames). I'm looking at the game port only 25200 and using ">" instead of -w makes it readable as otherwise you need to open it with tcpdump rather than a plain text editor?

This is a level 7 ddos attack as it only affects the targeted server and nothing else on the computer, usually my first game server goes down and a minute later the second is targeted. The current issue with the dumps I'm getting is that they're not really readable:
[Image: download.png]
(Although for this log I used different parameters: tcpdump -i 2 udp port 25200 -vv -X -n > > C:\Users\Administrator\Desktop\Dump\network.pcap)
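
Added example, not part of the original post: `-w` writes a binary capture that tcpdump or Wireshark can reopen, while `>` only saves the printed text, but the `-X` text can still be analysed. This Python sketch rebuilds each packet from the hex column of a constructed sample (documentation-range addresses, IPv4/UDP assumed) and counts repeated UDP payloads.

```python
import re
from collections import Counter

# Constructed `tcpdump -X -n` text output; not a real capture.
SAMPLE = """
12:00:00.000001 IP 203.0.113.5.40000 > 198.51.100.10.25200: UDP, length 8
    0x0000:  4500 0024 0001 0000 4011 0000 cb00 7105  E..$....@.....q.
    0x0010:  c633 640a 9c40 6270 0010 0000 aabb ccdd  .3d..@bp........
    0x0020:  0102 0304                                ....
12:00:00.000002 IP 203.0.113.9.40001 > 198.51.100.10.25200: UDP, length 8
    0x0000:  4500 0024 0002 0000 4011 0000 cb00 7109  E..$....@.....q.
    0x0010:  c633 640a 9c41 6270 0010 0000 aabb ccdd  .3d..Abp........
    0x0020:  0102 0304                                ....
12:00:00.000003 IP 192.0.2.44.50000 > 198.51.100.10.25200: UDP, length 5
    0x0000:  4500 0021 0003 0000 4011 0000 c000 022c  E..!....@......,
    0x0010:  c633 640a c350 6270 000d 0000 1020 3040  .3d..Pbp......0@
    0x0020:  50                                       P
"""

# Offset label, then hex groups; the double space before the ASCII column ends the match.
HEX_LINE = re.compile(r"^\s+0x([0-9a-f]{4}):\s+((?:[0-9a-f]{2,4}(?: |$))+)")


def packets_from_text(dump):
    """Rebuild each packet's bytes (IP header onward) from the hex column."""
    packets, current = [], None
    for line in dump.splitlines():
        m = HEX_LINE.match(line)
        if not m:
            continue                      # timestamp/summary lines
        if int(m.group(1), 16) == 0:      # offset 0x0000 starts a new packet
            current = bytearray()
            packets.append(current)
        if current is not None:
            current += bytes.fromhex(m.group(2).replace(" ", ""))
    return [bytes(p) for p in packets]


def udp_payload(packet):
    """Skip the IPv4 header (IHL * 4 bytes) and the 8-byte UDP header."""
    if len(packet) < 28 or packet[0] >> 4 != 4 or packet[9] != 17:
        return None
    return packet[(packet[0] & 0x0F) * 4 + 8:]


def payload_counts(dump):
    payloads = (udp_payload(p) for p in packets_from_text(dump))
    return Counter(p.hex() for p in payloads if p is not None)


if __name__ == "__main__":
    print(payload_counts(SAMPLE).most_common(3))
```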
 
