Jump to content
Search In
  • More options...
Find results that contain...
Find results in...

DDOS Protection for a Dedicated Server

Dreamplay
 Share

I'm looking for a DDOS Protection Solution for my Dedicated Server  hosted at home. Not website protection. I can't seem to find any alternatives that doesn't break the bank. Anyone got any ideas?

Link to comment
Share on other sites

Link to post
Share on other sites

19 hours ago, Dreamplay said:

I'm looking for a DDOS Protection Solution for my Dedicated Server  hosted at home. Not website protection. I can't seem to find any alternatives that doesn't break the bank. Anyone got any ideas?

There really isn't going to be a practical solution for home-hosted DDOS protection. Certainly there are products that advertise this, but consider how DDOS protection works:

 

It filters out bad requests and just lets good traffic through. That's a ton of bandwidth and data it has to sort through. Good DDOS protection, like Cloud Flare, works well because they have huge data centres to process and filter traffic as fast as possible - and even with these services, some slowdown still happens - it just minimizes the impact so the site doesn't go down completely.

 

Example: Whenever LTT gets DDOS'd, the site still runs, but it runs like crap and is slow.

 

A regular firewall can already do what Cloud Flare does in a basic sense: Use rules to determine what traffic is allowed, and drop the rest. The problem is that your connection itself would likely get flooded, and even if the firewall drops the ddos connections, you get overwhelmed anyway. Cloud based DDOS protection works by running the traffic through their much larger and more powerful connection first, then passing it finally to the actual web server.

For Sale: Meraki Bundle

 

iPhone Xr 128 GB Product Red - HP Spectre x360 13" (i5 - 8 GB RAM - 256 GB SSD) - HP ZBook 15v G5 15" (i7-8850H - 16 GB RAM - 512 GB SSD - NVIDIA Quadro P600)

 

Link to comment
Share on other sites

Link to post
Share on other sites

3 hours ago, dalekphalm said:

There really isn't going to be a practical solution for home-hosted DDOS protection. Certainly there are products that advertise this, but consider how DDOS protection works:

 

It filters out bad requests and just lets good traffic through. That's a ton of bandwidth and data it has to sort through. Good DDOS protection, like Cloud Flare, works well because they have huge data centres to process and filter traffic as fast as possible - and even with these services, some slowdown still happens - it just minimizes the impact so the site doesn't go down completely.

 

Example: Whenever LTT gets DDOS'd, the site still runs, but it runs like crap and is slow.

 

A regular firewall can already do what Cloud Flare does in a basic sense: Use rules to determine what traffic is allowed, and drop the rest. The problem is that your connection itself would likely get flooded, and even if the firewall drops the ddos connections, you get overwhelmed anyway. Cloud based DDOS protection works by running the traffic through their much larger and more powerful connection first, then passing it finally to the actual web server.

Yeah I know, Cloudflare have got a service called spectrum which is ddos protection for any port. That's what I want. Unfortunally when it comes to cloudflare they only allow enterprise customers. I was wondering if someone else also allowed it that I couldn't find.

Link to comment
Share on other sites

Link to post
Share on other sites

6 hours ago, Dreamplay said:

Yeah I know, Cloudflare have got a service called spectrum which is ddos protection for any port. That's what I want. Unfortunally when it comes to cloudflare they only allow enterprise customers. I was wondering if someone else also allowed it that I couldn't find.

Honestly I'd do a google search and see if there's a local data centre in or near where you live. If so, many of them offer their own flavour of DDOS protection - and typically they don't care what kind of customer you are, as long as you're not doing anything illegal.

 

You might have to rent a proxy or a VPS as part of the deal though, to route the traffic.

 

Definitely worth looking into.

For Sale: Meraki Bundle

 

iPhone Xr 128 GB Product Red - HP Spectre x360 13" (i5 - 8 GB RAM - 256 GB SSD) - HP ZBook 15v G5 15" (i7-8850H - 16 GB RAM - 512 GB SSD - NVIDIA Quadro P600)

 

Link to comment
Share on other sites

Link to post
Share on other sites

What are you looking for DDoS Protection for at home if not a website? maybe a proxy or vpn is more what you're after depending what you're running that's at risk?

 

There are various security measures you can take to minimise DoS attacks. Many routers have built in firewalls, make sure thats enabled - they often block SYN & UDP flood attacks, have the option to disable ICMP requests or sometimes have ICMP flood settings which covers the most common attack (smurf attack). You can always get dedicated firewalls as well, either software like pfSense, or hardware like a Unifi USG. You want to only open ports you need to as well. 

 

Spoiler

Desktop: Ryzen9 5950X | ASUS ROG Crosshair VIII Hero (Wifi) | EVGA RTX 3080Ti FTW3 | 32GB (2x16GB) Corsair Dominator Platinum RGB Pro 3600Mhz | EKWB EK-AIO 360D-RGB | EKWB EK-Vardar RGB Fans | 1TB Samsung 980 Pro, 4TB Samsung 980 Pro | Corsair 5000D Airflow | Corsair HX850 Platinum PSU | LG 32" 32GK850G Monitor x2 | Ducky DK2108 Keyboard | Steel Series Sensei Ten | MicroLab Solo 7C Speakers | Audio-Technica ATH-M50xBT2 LE Headphones | TC-Helicon GoXLR | Audio-Technica AT2035 | LTT Desk Mat | XBOS-X Controller | Windows 11 Pro

 

Spoiler

Server: Fractal Design Define R6 | Ryzen 3950x | ASRock X570 Taichi | EVGA GTX1070 FTW | 64GB (4x16GB) Corsair Vengeance LPX 3000Mhz | Corsair RM850v2 PSU | Fractal S36 Triple AIO | 10 x 8TB HGST Ultrastar He10 (WD Whitelabel) | 500GB Aorus Gen4 NVMe | 2 x 1TB Crucial P1 NVMe | LSI 9211-8i HBA

 

Link to comment
Share on other sites

Link to post
Share on other sites

23 hours ago, Jarsky said:

What are you looking for DDoS Protection for at home if not a website? maybe a proxy or vpn is more what you're after depending what you're running that's at risk?

 

There are various security measures you can take to minimise DoS attacks. Many routers have built in firewalls, make sure thats enabled - they often block SYN & UDP flood attacks, have the option to disable ICMP requests or sometimes have ICMP flood settings which covers the most common attack (smurf attack). You can always get dedicated firewalls as well, either software like pfSense, or hardware like a Unifi USG. You want to only open ports you need to as well. 

 

Game servers. It's much more economical to run them at own on a dedicated server than to rent them.

Link to comment
Share on other sites

Link to post
Share on other sites

1 hour ago, Dreamplay said:

Game servers. It's much more economical to run them at own on a dedicated server than to rent them.

If hosting your own game server, I'd start by being more selective with giving out the server info. Only do so to people who are your friends and you know won't fuck you with a DDOS.

 

Second, if that's not possible (or the info is already out there, and the ship has sailed, so to speak), then I'd consider perhaps using a proxy. Have your Server Info point to the proxy (either domain, if you have one, or IP) so that when someone "connects" to the server, they're actually connecting to the proxy first. The proxy then forwards the info to your actual game server, and should obfuscate the real IP of your server. Of course, they can still DDOS the proxy, but it's easier to get a new IP on a proxy, etc, then it is to deal with your home connection.

 

However, I think step one should be look at what firewall you currently have, and consider installing a proper hardware firewall (like a Cisco ASA, Ubiquiti, etc), or if you can't afford one, install a server firewall, like pfsense. Keep in mind that an edge firewall is going to work the best (edge firewall meaning it's the first device in your chain, outside of a modem).

For Sale: Meraki Bundle

 

iPhone Xr 128 GB Product Red - HP Spectre x360 13" (i5 - 8 GB RAM - 256 GB SSD) - HP ZBook 15v G5 15" (i7-8850H - 16 GB RAM - 512 GB SSD - NVIDIA Quadro P600)

 

Link to comment
Share on other sites

Link to post
Share on other sites

I used to host a few dozen gaming servers, my datacenter provided the DDoS mitigation. You should enquire with your datacenter if its going to be hosted. 

If its at home though, i'd run a security gateway (firewall) which should be able to mitigate most types of attacks. Of course theres nothing you can do if they just completely flood your connection, and many ISP's frown on people hosting their own servers on home connections for that very reason. 

Spoiler

Desktop: Ryzen9 5950X | ASUS ROG Crosshair VIII Hero (Wifi) | EVGA RTX 3080Ti FTW3 | 32GB (2x16GB) Corsair Dominator Platinum RGB Pro 3600Mhz | EKWB EK-AIO 360D-RGB | EKWB EK-Vardar RGB Fans | 1TB Samsung 980 Pro, 4TB Samsung 980 Pro | Corsair 5000D Airflow | Corsair HX850 Platinum PSU | LG 32" 32GK850G Monitor x2 | Ducky DK2108 Keyboard | Steel Series Sensei Ten | MicroLab Solo 7C Speakers | Audio-Technica ATH-M50xBT2 LE Headphones | TC-Helicon GoXLR | Audio-Technica AT2035 | LTT Desk Mat | XBOS-X Controller | Windows 11 Pro

 

Spoiler

Server: Fractal Design Define R6 | Ryzen 3950x | ASRock X570 Taichi | EVGA GTX1070 FTW | 64GB (4x16GB) Corsair Vengeance LPX 3000Mhz | Corsair RM850v2 PSU | Fractal S36 Triple AIO | 10 x 8TB HGST Ultrastar He10 (WD Whitelabel) | 500GB Aorus Gen4 NVMe | 2 x 1TB Crucial P1 NVMe | LSI 9211-8i HBA

 

Link to comment
Share on other sites

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share


×