
How would I fight a DoS or DDoS attack?

Van Diekon

Hey there everyone!
 

I have a Dell PowerEdge 2950 Generation 3 server in my home. I mainly use it for hosting local applications, but I also do host a single application for a variety of users. I meant to say, I play Minecraft, and I have a server that I want to protect.

 

I have been a victim of attacks before, mostly due to Skype and giving my ID to stranger gamers. I would just like my server to remain online 24/7, but I don't know how to do this with a possible DDoS or DoS attack coming.

 

If I do have to buy a piece of hardware, I cannot spend more than $150.


What attacks have you been a victim of??

And why would you ever give your ID to strangers???

NEW PC build: Blank Heaven   minimalist white and black PC     Old S340 build log "White Heaven"        The "LIGHTCANON" flashlight build log        Project AntiRoll (prototype)        Custom speaker project

Spoiler

Ryzen 3950X | AMD Vega Frontier Edition | ASUS X570 Pro WS | Corsair Vengeance LPX 64GB | NZXT H500 | Seasonic Prime Fanless TX-700 | Custom loop | Coolermaster SK630 White | Logitech MX Master 2S | Samsung 980 Pro 1TB + 970 Pro 512GB | Samsung 58" 4k TV | Scarlett 2i4 | 2x AT2020

 


3 minutes ago, Enderman said:

What attacks have you been a victim of??

And why would you ever give your ID to strangers???

A DDoS attack. It was done via paid service after they used a Skype resolver.

 

Why I gave my Skype ID to strangers? That's beside the point. I really don't feel like giving a long nooby backstory.

 

:P


3 minutes ago, Van Diekon said:

A DDoS attack. It was done via paid service after they used a Skype resolver.

 

Why I gave my Skype ID to strangers? That's beside the point. I really don't feel like giving a long nooby backstory.

 

:P

How do you know it was a DDoS attack?

The best way to prevent DDoSes is to not give your ID to weird people you don't trust....

Do you also go around the street and hand out your credit cards and SSN and other stuff to random people?


1 minute ago, wrathoftheturkey said:

more like handing out your name, address  and cell phone number, but whatevs.

Hey, I'd rather have the SSN. Can I have your SSN?

Tip to those that are new on LTT forum- quote a post so that the person you are quoting gets a notification, otherwise they'll have no idea that you did. You can also use a tag such as @Ryoutarou97 (replace my username with anyone's. You should get a dropdown after you type the "@")to send a notification, but quoting is preferable.

 

Feel free to PM me about absolutely anything be it tech, math, literature, etc. I'll try my best to help. I'm currently looking for a cheap used build for around $25 to set up as a home server if anyone is selling.

 

If you are a native speaker please use proper English if you can. Punctuation, capitalization, and spelling are as important to making your message readable as proper night theme formatting is.

 

My build is fully operational, but won't be posted until after I get a GPU in it and the case arted up.


Just now, wrathoftheturkey said:

Sure, it's 314-15-9265

Hah like I'd buy that! Seems too fake. Real SSNs are more like 123-45-6789


Back to the question at hand.

 

I want to know how to prevent or fight an incoming attack. Any advice?


If it's a website, use a CDN or something. Cloudflare would do. But... A Minecraft server on a home network... You track down the IPs that are sending the packages and if they happen to be something like 123.456.xxx.xxx, then you can ban them using 123.456.*.*. If you're running Windows Server they do have that feature built-in, not sure about other systems...

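Added example, not part of any post in this thread: the prefix ban suggested in the post above, done as a counting pass over connection logs. The log format, the function names, the threshold, the allowlist and the sample addresses are all assumptions made for illustration; the post's `*.*` wildcard corresponds to `prefix_len=16`.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample log (not from the thread). Addresses come from the
# RFC 5737 documentation ranges; the log format itself is hypothetical.
SAMPLE_LOG = """\
12:00:01 conn src=203.0.113.5 dport=25565
12:00:01 conn src=203.0.113.9 dport=25565
12:00:01 conn src=203.0.113.77 dport=25565
12:00:02 conn src=203.0.113.200 dport=25565
12:00:02 conn src=198.51.100.10 dport=25565
12:00:03 conn src=198.51.100.11 dport=25565
12:00:03 conn src=192.0.2.50 dport=25565
12:00:04 conn src=192.0.2.50 dport=25565
12:00:05 conn src=192.0.2.50 dport=25565
12:00:05 conn src=123.456.7.8 dport=25565
12:00:06 server tick took too long
"""

SRC_RE = re.compile(r"\bsrc=(\d{1,3}(?:\.\d{1,3}){3})\b")


def parse_sources(log_text):
    """Yield valid IPv4 sources; skip lines without one and impossible addresses."""
    for line in log_text.splitlines():
        match = SRC_RE.search(line)
        if not match:
            continue
        try:
            yield ipaddress.IPv4Address(match.group(1))
        except ipaddress.AddressValueError:
            continue  # an octet above 255 (e.g. 123.456.7.8) is not an address


def noisy_prefixes(log_text, prefix_len=24, threshold=3, allow=()):
    """Return prefixes with >= threshold hits, ignoring allowlisted sources."""
    allowed = [ipaddress.ip_network(a) for a in allow]
    counts = Counter()
    for addr in parse_sources(log_text):
        if any(addr in net for net in allowed):
            continue  # known players must never end up inside a ban
        counts[ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)] += 1
    return sorted(net for net, hits in counts.items() if hits >= threshold)


def drop_rules(prefixes):
    """Render one iptables DROP rule per prefix (Linux host firewall)."""
    return [f"iptables -A INPUT -s {net} -j DROP" for net in prefixes]


if __name__ == "__main__":
    for rule in drop_rules(noisy_prefixes(SAMPLE_LOG, allow=["192.0.2.50/32"])):
        print(rule)
```

Rules like these only stop the server from processing the traffic; as later replies in the thread point out, the packets still arrive over the home connection.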

2 hours ago, wrathoftheturkey said:

Sure, it's 314-15-9265

i like pi

AMD Ryzen 7 7800X3D | Sapphire Pulse AMD Radeon RX 7900XT Triple Fan | G.Skill 32GB 2x D5 6000


10 hours ago, Van Diekon said:

Back to the question at hand.

 

I want to know how to prevent or fight an incoming attack. Any advice?

If you host it through a VPN or other provider then they should have a DDoS protection available for you. If you're hosting it out of your home and just have your IP address handed out then there really isn't anything you can do. A firewall would block the attackers from getting into your network but they would still saturate your single connection and that you cannot stop.


57 minutes ago, Lurick said:

If you host it through a VPN or other provider then they should have a DDoS protection available for you. If you're hosting it out of your home and just have your IP address handed out then there really isn't anything you can do. A firewall would block the attackers from getting into your network but they would still saturate your single connection and that you cannot stop.

So there is absolutely nothing I am able to do? Is there anything that can soften the blow?


29 minutes ago, Van Diekon said:

So there is absolutely nothing I am able to do? Is there anything that can soften the blow?

Nope, not really. If you know who did it and don't have a dynamic hostname through somebody like DynDNS and just hand out your IP address you can try unplugging your modem for a while (like 6+ hours) and seeing if you get a new IP address from your ISP. If you have your server referenced by a domain name then there is nothing you can do aside from changing the domain name and your IP address.


36 minutes ago, Van Diekon said:

So there is absolutely nothing I am able to do? Is there anything that can soften the blow?

Route your traffic through a VPN with DDoS protection. Your profile says Florida so the closest option for you is probably setting up a VPS on QuadraNet's InfraCloud in Miami for around $5/month (~$60/year which is less than half your budget) although if you get a DDoS attack then the traffic will route through their Los Angeles data center meaning legit users will see some high latency during the attack (better than being offline though). They only offer 2Gbps of DDoS protection though which isn't a lot these days and after that your IP goes offline (you'll get e-mails though so it won't just go offline and you have to figure out why). Another option would be to find somebody with DDoS protection in Atlanta where the next biggest POP would be and where the bandwidth is significantly cheaper. The majority of Florida's traffic goes through either Atlanta or Dallas so you do have some options although I can't think of any off hand outside of Florida. Also the VPN will only help you if you change your IP address after setting up the VPN, otherwise the attackers can bypass the VPN.

 

Short of setting up your own VPN, you'll need to spend a lot more than $150. Assuming you're able to get a few 1Gbps lines to your house, any DDoS mitigation hardware will run you at least $10k for a cheap legacy appliance on eBay that will be crushed in any sizable SYN flood.

-KuJoe


Also, why not rent a server out of a data center with DDoS protection? That would be a lot cheaper than what you're paying in power/cooling for that power hungry beast you call a 2950. You can rent a VPS that can handle quite a few Minecraft players with DDoS protection for less than $150/year.

-KuJoe


37 minutes ago, KuJoe said:

Also, why not rent a server out of a data center with DDoS protection? That would be a lot cheaper than what you're paying in power/cooling for that power hungry beast you call a 2950. You can rent a VPS that can handle quite a few Minecraft players with DDoS protection for less than $150/year.

I use the server for more than that. I run a variety of things on there, including Backup software for all computers in my home.

 

I pay about $45 a month for Power and cooling for that server. I keep my house around 75 degrees. I modded the server fans.


Blocking or mitigating a DOS or DDOS attack is very difficult from a consumer grade internet connection. You need to be able to re-route packets destined for your connection prior to them heading to your connection. Even if you blocked the IPs on your server, you would still have the traffic hitting your internet connection and still causing the issue. As was suggested either hosting your server elsewhere where it can have DDOS protection or use a VPN service to hide your IP.

 

Good Luck.


10 minutes ago, schizznick said:

Blocking or mitigating a DOS or DDOS attack is very difficult from a consumer grade internet connection. You need to be able to re-route packets destined for your connection prior to them heading to your connection. Even if you blocked the IPs on your server, you would still have the traffic hitting your internet connection and still causing the issue. As was suggested either hosting your server elsewhere where it can have DDOS protection or use a VPN service to hide your IP.

 

Good Luck.

Maybe I will just do that for this one service that I require.

 

I still need my server for a variety of other things.

 

Thank you for the comments everyone!


9 hours ago, KuJoe said:

Route your traffic through a VPN with DDoS protection. Your profile says Florida so the closest option for you is probably setting up a VPS on QuadraNet's InfraCloud in Miami for around $5/month (~$60/year which is less than half your budget) although if you get a DDoS attack then the traffic will route through their Los Angeles data center meaning legit users will see some high latency during the attack (better than being offline though). They only offer 2Gbps of DDoS protection though which isn't a lot these days and after that your IP goes offline (you'll get e-mails though so it won't just go offline and you have to figure out why). Another option would be to find somebody with DDoS protection in Atlanta where the next biggest POP would be and where the bandwidth is significantly cheaper. The majority of Florida's traffic goes through either Atlanta or Dallas so you do have some options although I can't think of any off hand outside of Florida. Also the VPN will only help you if you change your IP address after setting up the VPN, otherwise the attackers can bypass the VPN.

 

Short of setting up your own VPN, you'll need to spend a lot more than $150. Assuming you're able to get a few 1Gbps lines to your house, any DDoS mitigation hardware will run you at least $10k for a cheap legacy appliance on eBay that will be crushed in any sizable SYN flood.

$10k lmfao. You can build 6mpps mitigation devices for the price of a desktop.

 

Anyways, OP, buy your VPN from Private Internet Access. About $3 a month, no data limit, and servers in any place you can travel.


6 hours ago, Van Diekon said:

Maybe I will just do that for this one service that I require.

 

I still need my server for a variety of other things.

 

Thank you for the comments everyone!

If you're going to spend $100+ on DDoS protection, then just buy a server hosting plan. OVH is very cheap.


6 hours ago, Mornincupofhate said:

$10k lmfao. You can build 6mpps mitigation devices for the price of a desktop.

 

Anyways, OP, buy your VPN from Private Internet Access. About $3 a month, no data limit, and servers in any place you can travel.

Can you provide more details? I'm genuinely interested. I don't know how you can get 6Mpps on x86 architecture. Are you talking about MIPS?

-KuJoe


1 hour ago, KuJoe said:

Can you provide more details? I'm genuinely interested. I don't know how you can get 6Mpps on x86 architecture. Are you talking about MIPS?

I'd also like to know, any decent inspection of traffic would crush anything that cheap. If it was just a basic traffic filter you can apply to known traffic then sure it might (huge might) be able to do it but it's not going to be automatic in any way and something you'd have to do after the attack has already taken down the service.

 

Even the most basic FortiDDoS 200B only claim 4Mpps, Arbor 2002 3Mpps, Radware x06 1Mpps so 6Mpps for something that costs a desktop versus multi thousand dollar units is a bold claim.


19 hours ago, leadeater said:

I'd also like to know, any decent inspection of traffic would crush anything that cheap. If it was just a basic traffic filter you can apply to known traffic then sure it might (huge might) be able to do it but it's not going to be automatic in any way and something you'd have to do after the attack has already taken down the service.

 

Even the most basic FortiDDoS 200B only claim 4Mpps, Arbor 2002 3Mpps, Radware x06 1Mpps so 6Mpps for something that costs a desktop versus multi thousand dollar units is a bold claim.

I've been doing some research on it, and you can do a kernel bypass with netmap, and you can optimize the Linux operating system on a 16 core processor to handle about 6mpps, according to the blog I read. It's also from Cloudflare, so I trust them. https://blog.cloudflare.com/single-rx-queue-kernel-bypass-with-netmap/

I've yet to build one of these, but just using it to rate limit and drop invalid packets on a big enough pipe could be pretty efficient.


Just now, Mornincupofhate said:

I've been doing some research on it, and you can do a kernel bypass with netmap, and you can optimize the Linux operating system on a 16 core processor to handle about 6mpps, according to the blog I read. It's also from Cloudflare, so I trust them. https://blog.cloudflare.com/single-rx-queue-kernel-bypass-with-netmap/

I've yet to build one of these, but just using it to rate limit and drop invalid packets on a big enough pipe could be pretty efficient.

If you build one let me and @KuJoe know, I'd love to hear about it. Plus I have a couple of 1Gbps connections I can throw at it to test it and if needed even a 3x 10Gbps (work won't mind :P).


19 hours ago, leadeater said:

I'd also like to know, any decent inspection of traffic would crush anything that cheap. If it was just a basic traffic filter you can apply to known traffic then sure it might (huge might) be able to do it but it's not going to be automatic in any way and something you'd have to do after the attack has already taken down the service.

 

Even the most basic FortiDDoS 200B only claim 4Mpps, Arbor 2002 3Mpps, Radware x06 1Mpps so 6Mpps for something that costs a desktop versus multi thousand dollar units is a bold claim.

I also took a look at OVH's Cisco DDoS protection and routing hardware, and believe it or not, the devices just had 2x4 core Xeons in them. No ASICs, and nothing else special about them.


Just now, leadeater said:

If you build one let me and @KuJoe know, I'd love to hear about it. Plus I have a couple of 1Gbps connections I can throw at it to test it and if needed even a 3x 10Gbps (work won't mind :P).

Yeah definitely, the only problem is the cost of NICs lmfao they're about $500 each for the ones I want.
