Looking for a stable KVM VPS with UDP DDoS Mitigation
New on LowEndTalk? Please read our 'Community Rules' by clicking on it in the right menu!

Looking for a stable KVM VPS with UDP DDoS Mitigation

joojajooja Member
edited February 24 in Requests

Hello i am looking for a VPS with UDP DDoS Mitigation

KVM

1 GB ram

1 core

Windows

Budget: 15 USD monthly

Server will be used to perform UDP hole punching and act like a STUN for users
behind a NAT router.

No OVH or Voxility



Thanks

Comments

  • That’s Voxility

    Thanked by 1Aidan
  • JackJack Member, Provider

    Server will be used to perform UDP hole punching and act like a STUN for users

    What does this actually mean?

  • @Jack said:

    Server will be used to perform UDP hole punching and act like a STUN for users

    What does this actually mean?

    It is basically a third server to circumvent routers that do not accept UDP connections without a game, basically if 2 players can not communicate between them a third server is used to pass network traffic between players or just to translate the port number between the routers.

  • filefile Member

    STUN is a UDP based protocol for doing traversal of NAT like jooja states. Both sides send UDP packets to each other and try to establish a direct path. It can also be used for discovery of your public IP address and mapped port.

    If that fails then you can fallback to a proprietary protocol for doing relaying, or use the standard TURN which is a protocol for doing relaying.

    Standards, standards, standards! They're foundational aspects for the voice/video/data real time communications work in browsers.

    Thanked by 1jooja

    Core Asterisk Developer and Hater of Fax Machines

  • filefile Member

    While @SplitIce doesn't provide a VPS you could pair his DDoS offering with one of your choice. That might fit what you need.

    Core Asterisk Developer and Hater of Fax Machines

  • FranciscoFrancisco Top Provider

    Do you have a port list? There's some ports that are a lot less filtered on Voxility.

    Francisco

    BuyVM - Dedicated KVM Slices / Anycast Support! / Stallion Control Panel / Windows 2008, 2012, & 2016! / Unmetered Bandwidth!
    BuyShared - Shared & Reseller Hosting / cPanel + Softaculous + CloudLinux / Pure SSD! / Free Dedicated IP Address
  • @Francisco said:
    Do you have a port list? There's some ports that are a lot less filtered on Voxility.

    Francisco

    Any port between
    3000-8000

    @file said:
    STUN is a UDP based protocol for doing traversal of NAT like jooja states. Both sides send UDP packets to each other and try to establish a direct path. It can also be used for discovery of your public IP address and mapped port.

    If that fails then you can fallback to a proprietary protocol for doing relaying, or use the standard TURN which is a protocol for doing relaying.

    Standards, standards, standards! They're foundational aspects for the voice/video/data real time communications work in browsers.

    Correct

  • FranciscoFrancisco Top Provider

    jooja said: Any port between 3000-8000

    A single port? Or a range?

    Francisco

    BuyVM - Dedicated KVM Slices / Anycast Support! / Stallion Control Panel / Windows 2008, 2012, & 2016! / Unmetered Bandwidth!
    BuyShared - Shared & Reseller Hosting / cPanel + Softaculous + CloudLinux / Pure SSD! / Free Dedicated IP Address
  • @Francisco said:

    jooja said: Any port between 3000-8000

    A single port? Or a range?

    Francisco

    Range of 100 ports are ok

  • randvegetarandvegeta Member, Provider

    Location?

  • SplitIceSplitIce Member, Provider
    edited February 25

    @file Thanks for the mention.

    It sounds like we at X4B can do what you are after. Our standard Anycast network (AS13165) does not include Voxility or OVH. You are welcome to forward a port range, or every reasonable UDP port to a backend server of your choosing.

    Thanked by 1file
    X4B - DDoS Protection: EU & US affordable DDoS protection including Layer 7 mitigation.
    Latest Offer: 1TB and 2TB Anycast DDoS Protection (March Madness)
  • joojajooja Member
    edited February 25

    @randvegeta said:
    Location?

    Doesn't matter

  • KMS-Hosting,

  • @Noobskid said:
    KMS-Hosting,

    CPU model : Intel(R) Xeon(R) CPU L5640 @ 2.27GHz

    Number of cores : 1

    CPU frequency : 2266.746 MHz

    Total size of Disk : 58.0 GB (1.5 GB Used)

    Total amount of Mem : 994 MB (85 MB Used)

    Total amount of Swap : 1907 MB (0 MB Used)

    System uptime : 0 days 0 hour 50 min

    Load average : 0.00, 0.01, 0.12

    OS : CentOS 7.4.1708

    Arch : x86_64 (64 Bit)

    Kernel : 3.10.0-123.el7.x86_64

    Virt : kvm


    I/O speed( 32M ) : 122 MB/s

    I/O speed( 256M ) : 136 MB/s

    I/O speed( 2G ) : 124 MB/s

    Average I/O speed : 127.3 MB/s

    Zhujiwiki - VPS offer / dedicated servers offer Info

    Follow My Twitter: https://twitter.com/guonning2000 | Telagram Discuss:https://t.me/zhujiwiki

  • FR_MichaelFR_Michael Member, Provider

    Is this bench from kms?

    first-root.com | German VPS | VPS Starting at 2EUR / Month (excluding VAT)

  • @FR_Michael said:
    Is this bench from kms?

    yes

    Zhujiwiki - VPS offer / dedicated servers offer Info

    Follow My Twitter: https://twitter.com/guonning2000 | Telagram Discuss:https://t.me/zhujiwiki

  • Still looking for a VPS!!!

  • randvegetarandvegeta Member, Provider
    edited February 28

    @jooja said:
    Still looking for a VPS!!!

    Can do it for you in Lithuania. Your spec and budget. Virtualization is Xen though. But I can give you a free test if you like. You can even stress test the server.

  • combahton_itcombahton_it Member, Provider

    @FR_Michael said:
    Is this bench from kms?

    Yes, basically from one of our older nodes from which we have still six running, but as the hardware platform gets older, we will decomission them until Q2/2018.

    Current nodes are running on E5-2660 / E5-2670v2 (HDD), E5-2690v2 (SSD) which provides basically more cpu power on less power usage.

    fastpipe.io ::: Webhosting, Cloud Server and Dedicated Server in Frankfurt, Germany
    Providing also Colocation, IP-Transit, Remote DDoS Protection, Redundant and Custom Solutions - see combahton.net

  • FR_MichaelFR_Michael Member, Provider
    edited February 28

    Thanks for your post. Didn't want to talk bad about you or anything like that. I like what I saw of your business in the past and appreciate companies that develop their own solutions, like your DDoS protection for example.

    first-root.com | German VPS | VPS Starting at 2EUR / Month (excluding VAT)

  • combahton_itcombahton_it Member, Provider

    @FR_Michael said:
    Thanks for your post. Didn't want to talk bad about you or anything like that. I like what O saw of our business in the past and appreciate companies that develop their own solutions, like your DDoS protection for example.

    No worries, I didnt understand you wrong, that was just for general clarification ;-)

    fastpipe.io ::: Webhosting, Cloud Server and Dedicated Server in Frankfurt, Germany
    Providing also Colocation, IP-Transit, Remote DDoS Protection, Redundant and Custom Solutions - see combahton.net

  • Nfoservers has a one core 1gb ram vds (xen vps) for $11.49 with Windows instillation. Protection capacity varies by location, Chicago is basically the best.

  • @AlexJones said:
    Nfoservers has a one core 1gb ram vds (xen vps) for $11.49 with Windows instillation. Protection capacity varies by location, Chicago is basically the best.

    But what about reviews and capacity? Have you used them? Can you share your opinion, and experience?

  • AlexJonesAlexJones Member
    edited March 1

    @desperand said:

    @AlexJones said:
    Nfoservers has a one core 1gb ram vds (xen vps) for $11.49 with Windows instillation. Protection capacity varies by location, Chicago is basically the best.

    But what about reviews and capacity? Have you used them? Can you share your opinion, and experience?

    Nfo is 2nd best mitigation in North America. Ovh game being #1 but nfo adjust their filters almost instantly. Their routing is top notch, I used to run a rust server in Chicago location and someone from Israel was getting more than acceptable ping for his geographical location. Unless you are actually hit by a botnet you're more than fine to use them. I've had a nfo nulled before but it was due to a very large botnet used to ddos the server which was caused by the followers of LostInPlace (online troll). Capacity is by location, Chicago is #1 (110gbps raw or more can be filtered upstream if it's an amp method.) And Seattle is 50gbps I believe. It's on their Network map. Additionally, I made a VPN on an nfo vds once and I was able to Max my 500mbps down 50mbps up internet speed because the bandwidth is usually not utilized often.

  • @AlexJones said:

    @desperand said:

    @AlexJones said:
    Nfoservers has a one core 1gb ram vds (xen vps) for $11.49 with Windows instillation. Protection capacity varies by location, Chicago is basically the best.

    But what about reviews and capacity? Have you used them? Can you share your opinion, and experience?

    Nfo is 2nd best mitigation in North America. Ovh game being #1 but nfo adjust their filters almost instantly. Their routing is top notch, I used to run a rust server in Chicago location and someone from Israel was getting more than acceptable ping for his geographical location. Unless you are actually hit by a botnet you're more than fine to use them. I've had a nfo nulled before but it was due to a very large botnet used to ddos the server which was caused by the followers of LostInPlace (online troll). Capacity is by location, Chicago is #1 (110gbps raw or more can be filtered upstream if it's an amp method.) And Seattle is 50gbps I believe. It's on their Network map. Additionally, I made a VPN on an nfo vds once and I was able to Max my 500mbps down 50mbps up internet speed because the bandwidth is usually not utilized often.

    Do you know any info with facts and numbers related to NFO?
    For example, will it be able to tank 30gbit/s flood from stupid kids with stressers / booters? Or will I get nullrouted at Chicago? How many times have you been nullrouted with them?

  • @desperand said:
    For example, will it be able to tank 30gbit/s flood from stupid kids with stressers / booters? Or will I get nullrouted at Chicago? How many times have you been nullrouted with them?

    I use them in Chicago. We've eaten more than 30gbit/s DDoS and still been functional. Never been null-routed yet as well (2-3 years with them).

  • @imthatguyhere said:

    @desperand said:
    For example, will it be able to tank 30gbit/s flood from stupid kids with stressers / booters? Or will I get nullrouted at Chicago? How many times have you been nullrouted with them?

    I use them in Chicago. We've eaten more than 30gbit/s DDoS and still been functional. Never been null-routed yet as well (2-3 years with them).

    How have you got info about 30Gbit/s if they do not share information about a DDoS attacks (I say this because on their website it says so)

  • @desperand said:
    How have you got info about 30Gbit/s if they do not share information about a DDoS attacks (I say this because on their website it says so)

    Moved 2 gameservers, that were constantly attacked via SSDP UDP DDoS at over 50Gbit/s, over to their VDS line-ups and wasn't null-routed. Saw some packetloss and IPs temporarily blocked, but everything stayed accessible. It's entirely possible that they just lessened the attacks, but I highly doubt it.

  • @imthatguyhere said:

    @desperand said:
    How have you got info about 30Gbit/s if they do not share information about a DDoS attacks (I say this because on their website it says so)

    Moved 2 gameservers, that were constantly attacked via SSDP UDP DDoS at over 50Gbit/s, over to their VDS line-ups and wasn't null-routed. Saw some packetloss and IPs temporarily blocked, but everything stayed accessible. It's entirely possible that they just lessened the attacks, but I highly doubt it.

    What do you mean by no null routes, but IPs being temporarily blocked?

    Do you mean you were able to see zombies being blocked?

  • @Crandolph said:
    What do you mean by no null routes, but IPs being temporarily blocked?

    I mean the services were never disconnected from the network or inaccessible, but some IPs of new people got blocked until the mitigation ended or those that attempted to connect too often. After the mitigation window they alert you ends, they could all reconnect.

  • JoeMeritJoeMerit Member

    we just need an NFOServers coupon code now :)

    Thanked by 1imthatguyhere
  • doghouchdoghouch Member

    @imthatguyhere said:

    @Crandolph said:
    What do you mean by no null routes, but IPs being temporarily blocked?

    I mean the services were never disconnected from the network or inaccessible, but some IPs of new people got blocked until the mitigation ended or those that attempted to connect too often. After the mitigation window they alert you ends, they could all reconnect.

    You still haven’t answered the question. How did you measure the size of the attack if everything was being filtered?

    Thanked by (0):

  • @doghouch said:
    You still haven’t answered the question. How did you measure the size of the attack if everything was being filtered?

    I answered that actually, but you may have missed it. I moved the services that were getting attacks measured at over 50gbps to NFO and they were filtered. As I said, I can't guarantee that the attacks were the same volume, but I doubt they changed much, if at all.

  • AlexJonesAlexJones Member
    edited March 2

    @desperand said:

    @imthatguyhere said:

    @desperand said:
    For example, will it be able to tank 30gbit/s flood from stupid kids with stressers / booters? Or will I get nullrouted at Chicago? How many times have you been nullrouted with them?

    I use them in Chicago. We've eaten more than 30gbit/s DDoS and still been functional. Never been null-routed yet as well (2-3 years with them).

    How have you got info about 30Gbit/s if they do not share information about a DDoS attacks (I say this because on their website it says so)

    If it's amp (ssdp, DNS, ntp etc.), it's blocked upstream so the capacity is more than what's listed on the network locations. Raw udp non amp is what gets you nulled on nfo or a huge reflection attack (120gbps) on a small location would also get you nulled. It really depends on what you're hosting. No one hosts large Gmod servers on nfo because they tend to get hit with huge botnets because of the types of players it attracts but many popular rust servers use nfo because rust attracts less toxic players and the routing/locations are superior to ovh. Don't be discouraged by the fact they null route (very rare), many kids hosting rgh/JTAG lobbies use them to prevent getting booted by script kiddies and 99% of them never encounter issues. Nfo Chicago's raw capacity is 110 gbps as in they can tank that much raw UDP traffic. They have much more capacity for amplification methods.

  • doghouchdoghouch Member

    @imthatguyhere So you estimated the attack size after you moved it...

    That was all I wanted to know (whether you had a precise measurement or if you estimated it based off previous attacks) :P

    Thanked by (0):

  • @doghouch said:
    That was all I wanted to know (whether you had a precise measurement or if you estimated it based off previous attacks) :P

    Agreed, never was my intent to mislead:

    @imthatguyhere said:
    Moved 2 gameservers, that were constantly attacked via SSDP UDP DDoS at over 50Gbit/s, over to their VDS line-ups and wasn't null-routed. Saw some packetloss and IPs temporarily blocked, but everything stayed accessible. It's entirely possible that they just lessened the attacks, but I highly doubt it.

    Thanked by 1doghouch
  • joojajooja Member

    i am with NFO no problems so far.
    Thanks for everyone

    Thanked by 1imthatguyhere
  • @jooja said:
    i am with NFO no problems so far.
    Thanks for everyone

    how many Gb/s NFO can handle you ? like AMP Memche Sport 11211 ? them can handle ? from booter kid ?

  • joojajooja Member

    @Noobskid said:

    @jooja said:
    i am with NFO no problems so far.
    Thanks for everyone

    how many Gb/s NFO can handle you ? like AMP Memche Sport 11211 ? them can handle ? from booter kid ?

    I don't know, but i am pretty sure booters can't take it down.

  • AlexJonesAlexJones Member
    edited March 18

    @Noobskid said:

    @jooja said:
    i am with NFO no problems so far.
    Thanks for everyone

    how many Gb/s NFO can handle you ? like AMP Memche Sport 11211 ? them can handle ? from booter kid ?

    They block all amplifcation ddos methods before they get into the datacenter so yes. Raw capacity is posted here https://www.nfoservers.com/networklocations.php

  • MrMMrM Member

    @AlexJones said:

    @Noobskid said:

    @jooja said:
    i am with NFO no problems so far.
    Thanks for everyone

    how many Gb/s NFO can handle you ? like AMP Memche Sport 11211 ? them can handle ? from booter kid ?

    They block all amplifcation ddos methods before they get into the datacenter so yes. Raw capacity is posted here https://www.nfoservers.com/networklocations.php

    how about UDP raw payload them can handle ?

  • It depends on how many attacks are coming in when you get attacked. If not many then they'll probably let you do 80% of the network capacity listed on their page any more and you'll get nullrouted. If you need a lot of raw udp protection from a botnet get ovh game

Sign In or Register to comment.