
Fiber & Getting ddos'd

Mitch619911

Game servers are one of the top 3 targets for DDoS attacks for my customers (IRC servers and a specific video chat being the other 2). I would recommend spending the $10 to host the game server(s) on a VPS.

-KuJoe


1 minute ago, Mornincupofhate said:

You have no clue what you're talking about. A load balancer would do 100% nothing in terms of protection on your end. Cloudflare would also do nothing. Holy shit, do some research before you type out an entire paragraph.

I've been doing general IT work for over 10 years, 7 of which have been spent learning about how servers work, so I know generally how things work in a network. I'll be the first to admit that I have not configured AD services (because screw Microsoft) and have zero desire to actually learn how any kind of Cisco or Juniper Networks equipment works on a technical level. I leave that stuff for the network security experts to do; however, I try to make myself knowledgeable to at least understand what they're talking about so I can recommend the right equipment to small business clients.

 

That said, a Load Balancer's job is to ... um... balance the load. That means taking incoming traffic and splitting it among multiple network routes. Obviously, this requires a lot of bandwidth overhead on its own, and you'd need to have multiple servers or Hypervisors/VMs running multiple instances of virtualized servers for this to work effectively, but Load Balancers can stop most DDoS attacks by analyzing traffic types. They can be configured to sort through good and bad traffic, routing the good stuff to the appropriate server and throwing away the bad stuff.

 

After the Load Balancer, you'd want to have a Web Application Firewall (WAF) to further filter requests based on a variety of algorithms. This can be hardware or software based, and simply analyzes traffic in more detail than a Load Balancer would. Software WAFs are indeed more efficient, assuming you're running them on decent hardware that can handle hundreds of thousands of connections at once.

 

http://blog.haproxy.com/2012/02/27/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/

 

 


 

F5 Networks has a very good article on DDoS attacks, going over different types of attacks, and how one can mitigate them. Obviously, they're selling their F5 platform in the article, since that's what they offer as a company, but it's still great information.

https://f5.com/resources/white-papers/mitigating-ddos-attacks-with-f5-technology

 

I will give you credit here though @Mornincupofhate in that a home connection serviced by an ISP is only as strong as its weakest link. This means that if AT&T has not implemented DDoS protection at every single point of connection between @Mitch619911 and AT&T's outbound connection to whichever backbone they're using in his area, then you're spot on that there's nothing a user can do to mitigate a DDoS attack on their end.

 

However, if we assume that an ISP takes every measure possible to mitigate DDoS attacks, then either A) attacks would be stopped before they ever reach a residential user, or B) ISPs would have to allow a user to install a professional enterprise-grade modem in place of the consumer-grade Motorola / Arris / Thomson / Technicolor modems they would otherwise be using, since there's no way a consumer-grade modem would be able to handle a mass TCP SYN packet flood.

Desktop: KiRaShi-Intel-2022 (i5-12600K, RTX2060) Mobile: OnePlus 5T | Koodo - 75GB Data + Data Rollover for $45/month
Laptop: Dell XPS 15 9560 (the real 15" MacBook Pro that Apple didn't make) Tablet: iPad Mini 5 | Lenovo IdeaPad Duet 10.1
Camera: Canon M6 Mark II | Canon Rebel T1i (500D) | Canon SX280 | Panasonic TS20D Music: Spotify Premium (CIRCA '08)


1 minute ago, Mornincupofhate said:

PIA's datacenters have mitigation, but who cares, it's not his IP that's being hit, and he can switch to a different server in about 5 seconds. Latency from what I've seen on my end is about a 10-20ms increase (I'm also on a slow, shitty DSL line).

 

If you want to test a DDoS at home, disconnect your machines from the internet, download (or make) a UDP flooder, and flood your machine's and/or router's local IP.

Thanks for the info, I'm surprised PIA doesn't advertise that but I'm going to start making a list of their data centers tonight to see who advertises it and who doesn't.

 

As for testing at home, I already do this against my routers in my labs but I wanted to test the impact over the WAN with the traffic tunneled through a VPN with DDoS mitigation and without (also compare an "always on" versus "sense and react" protection).

-KuJoe


3 minutes ago, kirashi said:

However, if we assume that an ISP takes every measure possible to mitigate DDoS attacks, then either A) attacks would be stopped before they ever reach a residential user, or B) ISPs would have to allow a user to install a professional enterprise-grade modem in place of the consumer-grade Motorola / Arris / Thomson / Technicolor modems they would otherwise be using, since there's no way a consumer-grade modem would be able to handle a mass TCP SYN packet flood.

In my experience ISPs don't care about DDoS attacks, it's too expensive for them to do anything about them so they'll just let them through unless they impact enough people to make it worth nullrouting the target.

-KuJoe


2 minutes ago, KuJoe said:

Game servers are one of the top 3 targets for DDoS attacks for my customers (IRC servers and a specific video chat being the other 2). I would recommend spending the $10 to host the game server(s) on a VPS.

This is a very good idea as well, especially if you don't trust your friends that much. My friends and I are all well beyond the script-kiddie stage of life, so I don't have an issue hosting my Minecraft server at home and handing out the IP address. Whitelisting is on for the server itself, and my consumer-grade router is running TomatoWRT firmware that supports fail2ban firewall mitigation, along with some other unique security features I won't discuss here. (They may involve retroactively gathering personal information on an attacker's IP address and storing it in a database for later disclosure to certain places on the internet.)

But if you've got friends you're not too... trusting of, then it's definitely a better idea to rent a VPS and host things outside of your network.

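The per-source filtering described in kirashi's two posts above (a load balancer sorting "good" from "bad" traffic by analyzing it, and a router running fail2ban that bans an address which sends too fast) can be tried against constructed traffic. The block below is an added example for this thread; it is not HAProxy, fail2ban or TomatoWRT code, and the thresholds, addresses and packet rates in it are assumptions. It shows the case such a filter handles, one loud source from its real address, and the case it does not: a flood that forges a different source on every packet, where no single address ever crosses the threshold, every packet is forwarded, and the filter's own state table grows by one entry per forged address.

```python
"""Per-source rate limiting of the kind a load balancer stick-table or a
fail2ban jail applies, run against constructed traffic. Added example for
this thread; not HAProxy, fail2ban or TomatoWRT code. All thresholds,
addresses and packet rates below are assumptions."""
from collections import defaultdict, deque
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Tuple
import random

Packet = Tuple[float, str]  # (arrival time in seconds, source address as text)


@dataclass
class PerSourceLimiter:
    """Ban any source that sends more than max_per_window packets inside a
    sliding window of `window` seconds (assumed thresholds)."""
    max_per_window: int = 50
    window: float = 1.0
    ban_seconds: float = 60.0
    _recent: Dict[str, deque] = field(default_factory=lambda: defaultdict(deque))
    _banned_until: Dict[str, float] = field(default_factory=dict)

    def allow(self, src: str, now: float) -> bool:
        """Return True if the packet from `src` arriving at `now` passes."""
        if self._banned_until.get(src, -1.0) > now:
            return False
        recent = self._recent[src]          # one entry per distinct source seen
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()                # forget timestamps outside the window
        if len(recent) > self.max_per_window:
            self._banned_until[src] = now + self.ban_seconds
            recent.clear()
            return False
        return True

    def tracked_sources(self) -> int:
        return len(self._recent)


@dataclass
class FilterResult:
    accepted: int         # packets the filter forwarded to the server
    dropped: int          # packets the filter discarded
    tracked_sources: int  # size of the per-source state table afterwards


def run_filter(packets: Iterable[Packet], limiter: PerSourceLimiter) -> FilterResult:
    accepted = dropped = 0
    for now, src in sorted(packets):        # process in arrival order
        if limiter.allow(src, now):
            accepted += 1
        else:
            dropped += 1
    return FilterResult(accepted, dropped, limiter.tracked_sources())


def rates(result: FilterResult, seconds: float) -> Tuple[float, float]:
    """(packets/s arriving on the link, packets/s forwarded past the filter).
    The filter only changes the second number; the link carried all of it."""
    return ((result.accepted + result.dropped) / seconds, result.accepted / seconds)


# Constructed traffic. 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
def legit_players(players: int = 10, pps: int = 20, seconds: int = 5) -> List[Packet]:
    """Ten players each sending 20 packets/s: what a game server expects."""
    return [(i / pps, f"203.0.113.{p + 1}")
            for p in range(players) for i in range(pps * seconds)]


def single_source_flood(pps: int = 5000, seconds: int = 5) -> List[Packet]:
    """One host flooding from its real address: the case per-source limits catch."""
    return [(i / pps, "198.51.100.7") for i in range(pps * seconds)]


def spoofed_flood(pps: int = 5000, seconds: int = 5, seed: int = 1) -> List[Packet]:
    """Same packet rate, but every packet carries a forged random source."""
    rng = random.Random(seed)

    def fake_src() -> str:
        return (f"{rng.randrange(1, 224)}.{rng.randrange(256)}."
                f"{rng.randrange(256)}.{rng.randrange(256)}")

    return [(i / pps, fake_src()) for i in range(pps * seconds)]


if __name__ == "__main__":
    for name, traffic in (("players", legit_players()),
                          ("single-source flood", single_source_flood()),
                          ("spoofed flood", spoofed_flood())):
        res = run_filter(traffic, PerSourceLimiter())
        arriving, forwarded = rates(res, 5)
        print(f"{name:20s} accepted={res.accepted:6d} dropped={res.dropped:6d} "
              f"tracked={res.tracked_sources:6d} arriving={arriving:.0f}pps "
              f"forwarded={forwarded:.0f}pps")
```

Running it prints three lines: the players lose nothing, the single-source flood is cut off after its first 50 packets, and the spoofed flood passes in full while leaving about 25,000 entries in the state table. Both flood cases still put 5,000 packets/s on the WAN link, which is the point the later replies make: a filter on the home side decides what gets forwarded, not what arrives, and a spoofed flood defeats per-source bookkeeping twice over, once by never tripping the threshold and once by filling the table that holds it.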


2 minutes ago, KuJoe said:

Thanks for the info, I'm surprised PIA doesn't advertise that but I'm going to start making a list of their data centers tonight to see who advertises it and who doesn't.

 

As for testing at home, I already do this against my routers in my labs but I wanted to test the impact over the WAN with the traffic tunneled through a VPN with DDoS mitigation and without (also compare an "always on" versus "sense and react" protection).

PIA is geared more towards "do illegal stuff on our servers and we'll hide you to the best of our ability" and not DDoS mitigation.

 

I too would enjoy seeing AT&T's equipment stand up to a DDoS attack. I've been attacked many times, and a couple hundred packets per second is more than enough to crash and freeze the modem for a good 5-10 minutes.


2 minutes ago, kirashi said:

This is a very good idea as well, especially if you don't trust your friends that much. My friends and I are all well beyond the script-kiddie stage of life, so I don't have an issue hosting my Minecraft server at home and handing out the IP address. Whitelisting is on for the server itself, and my consumer-grade router is running TomatoWRT firmware that supports fail2ban firewall mitigation, along with some other unique security features I won't discuss here. (They may involve retroactively gathering personal information on an attacker's IP address and storing it in a database for later disclosure to certain places on the internet.)

But if you've got friends you're not too... trusting of, then it's definitely a better idea to rent a VPS and host things outside of your network.

Your little fail2ban router is gonna crash and burn even before your pipe gets filled. Trust me.


Just now, kirashi said:

This is a very good idea as well, especially if you don't trust your friends that much. My friends and I are all well beyond the script-kiddie stage of life, so I don't have an issue hosting my Minecraft server at home and handing out the IP address. Whitelisting is on for the server itself, and my consumer-grade router is running TomatoWRT firmware that supports fail2ban firewall mitigation, along with some other unique security features I won't discuss here. (They may involve retroactively gathering personal information on an attacker's IP address and storing it in a database for later disclosure to certain places on the internet.)

But if you've got friends you're not too... trusting of, then it's definitely a better idea to rent a VPS and host things outside of your network.

 

If you're fine with sharing some info about it in a PM would love to hear :D


2 hours ago, Mitch619911 said:

I am getting AT&T Fiber within the next few days (1-3 days). I have 2 home servers and I want to host a game server off one for a friend that streams on Twitch. AT&T says they provide 1Gbps (1000 Mbps), and I would like to know if anyone knows more info: would I be safe from most kiddos' bought 'booters/stressers' on my home network of 1Gbps?

 

Thanks for ya time :P

I'm just going to point out the elephant in the room. Running servers on a residential internet connection tends to be a violation of the TOS. I've seen it in Comcast's TOS and it seems to be the industry standard. Now that being said, the way they figure out if you have a server running is based on traffic. I'd check AT&T's TOS first to make sure it's OK.

Or if your usage is going to be low then you should be fine. I'm just pointing this out; I don't want your nice Fiber service terminated over a TOS violation.

I just want to sit back and watch the world burn. 


On 2/6/2017 at 9:11 PM, Donut417 said:

I'm just going to point out the elephant in the room. Running servers on a residential internet connection tends to be a violation of the TOS. I've seen it in Comcast's TOS and it seems to be the industry standard. Now that being said, the way they figure out if you have a server running is based on traffic. I'd check AT&T's TOS first to make sure it's OK.

Or if your usage is going to be low then you should be fine. I'm just pointing this out; I don't want your nice Fiber service terminated over a TOS violation.

 

Not going to be using loads of internet. Even if that were the case, I run my computer 24/7 with a few programs; I have an unlimited plan, so there's not much they can do if I want to run a computer 24/7 with a 24/7 program that uses the internet I PAY for.. I couldn't care less..


On 2/6/2017 at 10:55 PM, Mornincupofhate said:

As for any other hosting.. I already pay for other hosting servers and that's why I'm moving everything to my home server o.O trying to keep costs down, but there's also power, so..

 


http://www.speedtest.net/my-result/6037159351
pretty dank.

A quick Google search of my IP comes up with letters and numbers with ::'s. I don't suppose that means something is better with handling DDoS, but going to a website shows the numbers (IP); would the numbers + letters + :: make a difference with DDoS attacks? - We have been hosting the game server and have never had an attack, so I think I'd be fine for now :P


14 minutes ago, Mitch619911 said:

Not going to be using loads of internet. Even if that were the case, I run my computer 24/7 with a few programs; I have an unlimited plan, so there's not much they can do if I want to run a computer 24/7 with a 24/7 program that uses the internet I PAY for.. I couldn't care less..

All ISPs have disclaimers and limits on how you can use their service. Legally speaking, if you break any of these they can disconnect you. Doesn't matter if you pay them or not. AT&T has a legal right to tell you what you can and can't do on their service. Because if you negatively impact their network, their lawyers will negatively impact your life.


36 minutes ago, Mitch619911 said:

Not going to be using loads of internet. Even if that were the case, I run my computer 24/7 with a few programs; I have an unlimited plan, so there's not much they can do if I want to run a computer 24/7 with a 24/7 program that uses the internet I PAY for.. I couldn't care less..

It doesn't matter if you're not using anywhere close to your bandwidth limit. When they go through the traffic logs and see that you're hosting servers, they're going to cut you off.

 

So your logic basically == if I PAY for MY internet it means it's MY internet and I can host black market websites because I couldn't care less if my provider takes away my only internet source.


37 minutes ago, Mitch619911 said:

As for any other hosting.. I already pay for other hosting servers and that's why I'm moving everything to my home server o.O trying to keep costs down, but there's also power, so..

 

Have fun paying $50+ per month for electricity plus air conditioning to keep your house cool when you could have bought a $10-20 a month VPS.


Just now, Mornincupofhate said:

Have fun paying $50+ per month for electricity plus air conditioning to keep your house cool when you could have bought a $10-20 a month VPS.

I have run server(s) before - it's not too bad with power bills :P no need for AC, it just pumps the hot air out the window.


Post was asking about DDoS and Fiber :/ idk why you keep bringing up hosting companies 


2 minutes ago, Mitch619911 said:

I have ran server(s) before - it's not too bad with power bills :P no needs for AC just pumps the hot air out the window.

Dunno if you know, but AT&T is one of the largest providers out there, and they're more than capable of building machines to learn what server traffic looks like on a residential line, and shut you down.

 

Again, what are you gonna do when they shut you down for violating their ToS then refuse to let you back on their network?


1 minute ago, Mitch619911 said:

Post was asking about DDoS and Fiber :/ idk why you keep bringing up hosting companies 

OVH has DDoS protection and fiber links. How does it not relate?


42 minutes ago, Mitch619911 said:

http://www.speedtest.net/my-result/6037159351
pretty dank.

A quick Google search of my IP comes up with letters and numbers with ::'s. I don't suppose that means something is better with handling DDoS, but going to a website shows the numbers (IP); would the numbers + letters + :: make a difference with DDoS attacks? - We have been hosting the game server and have never had an attack, so I think I'd be fine for now :P

That's your IPv6 address. It's just as easy to flood it.


2 minutes ago, Mitch619911 said:

Why would I buy a host with 24 GB of RAM when I can host it with 64 GB of RAM :/

What unoptimized game server are you running that's using more than 8 GB of RAM?


It's a home server that has a lot of space .-. having not much use of it while it runs so game server for friends it is!


1 minute ago, Mitch619911 said:

having not much use of it while it runs so game server for friends it is!

Exactly my point.

I'm gonna stop responding to this thread now. When you piss off the wrong guy and your modem is getting crashed 58 times a day and you and your family can't even get on to check your emails, PM me and I can hook you up with some beefy DDoS protection.
