How to protect my gaming server from DDoS?

[Filingo]

I know that the game I'm running on my server is prone to DDoS attacks. (There are scripts that can make the game stop)

But I know that other servers I'm playing on have protection and I never saw them shutting down.

 

What are the protections I can use?

Currently I am using Windows 10. But I can use Linux if it is better suited for such protection

 

Thanks  

[Electronics Wizardy]

How are they ddos you? Is it just too much network traffic or a app level issue? 

 

If its too much network traffic you need a faster internet pipe or something in front to take and stop the ddos traffic. If its a app level issue, you need to configure your game server to not process those attacks.

[RockSolid1106]

All my commands are for Debian based OSes. I am using Ubuntu 20.10.

On Linux, you can install a firewall, called UFW, and then manually allow the ports you specify. This should be a good start.

Installing the firewall:

sudo apt install ufw

At this point, the firewall will disabled. Now you can specify the firewall to allow your ports.

To check what ports are in use, use the following command:

sudo ss -tupln

You should see a table, and in there you can check the active ports.

The command for allowing port 445(SMB) will be:

sudo ufw allow 445/tcp

The format is: sudo ufw allow <port>/<protocol (tcp/udp)>

After you have allowed the specific ports, you should enable the firewall by:

sudo ufw enable

After enabling if you want to allow/block some ports, you can use the command mentioned above, and then:

sudo ufw reload

Though, you should restart after making changes to the firewall because sometimes the changes don't take place with a firewall reload.

 

Also, many DDoS attacks occur by sending a ton of ping requests to a server, and then the server basically cant deal with all of those pings, and then just shuts off. Dont know about Windows, but on Linux(I use Ubuntu 20.10), you can block pings altogether. This also proves to be a good security measure. I am pretty sure there is an alternative to this on Windows as well. 

Steps for Debian based OS(ufw firewall should be installed to do this):

Navigate to /etc/ufw

cd /etc/ufw

then you want to edit a file named "before.rules". Do so by:

sudo nano before.rules

Now you should see a text file opened in the terminal. Navigate by using the arrow keys. You want to navigate to the line which says 

# ok icmp codes for INPUT

Then add a line after that and then type in:

-A ufw-before-input -p icmp --icmp-type echo-request -j DROP

to save the file, hit Control+x, then type in 'y' and hit enter. 

Now, you can reload the firewall(or restart the PC). As a test, you can ping your server from another device on the network with its IP address with the following command:

ping <ip address>

The ping request should not get a response from the server. 

 

These should some basic steps to prevent DDoS attacks. Hope it helps! 

[schizznick]

So the above solution could help, but in most cases DDOS mitigation has to happen upstream. Once the upstream router encodes the attack packets onto the wire it's too late, your pipe is already affected before it even hits your FW/Router. If DDOS is a serious issue you could look at a VPN type service that offers that and run the game through that. However in reality costs for that are not usually cheap. In reality you cannot prevent a DDOS attack only mitigate it.