What's the best method to handle DDoS?

DianTama Member
edited February 2016 in Help

Hi LET,
Today my TeamSpeak server got DDoSed and now the IP has been null routed. And my question is, is there any way I can defend my server from getting DDoSed?

Note: I can't get a DDoS protection server because no provider in Indonesia has that service.

Edit 1: I have used CSF and blocked some naughty countries, but it doesn't seem to be working.

Edit 2: Before the server went down I watched the network traffic using vnstat -l and got this: rx: 182.86 Mbit/s 59630 p/s tx: 2.99 Mbit/s 2975 p/s

Edit 3: Just received the attacker IP list from DediServe - http://1drv.ms/1KH9meN

Comments

  • HBAndrei Member, Top Host, Host Rep

    DianTama said: Edit 1: I have used CSF and blocked some naughty countries, but it doesn't seem to be working.

    CSF can't prevent a proper DDOS attack, no software on your server can.

  • Null route the IP or move your setup to some other provider who has DDoS protection.

  • adxn Member, Host Rep

    @DianTama said:
    Hi LET,
    Today my TeamSpeak server got DDoSed and now the IP has been null routed. And my question is, is there any way I can defend my server from getting DDoSed?

    Note: I can't get a DDoS protection server because no provider in Indonesia has that service.

    Edit 1: I have used CSF and blocked some naughty countries, but it doesn't seem to be working.

    Move your server to a provider with DDoS protection; if no one from your country provides that, then move to another country where you will find it.

  • Proxy from a VPS that does have DDoS protection to your server that doesn't, and don't use the public IP; provide a domain name to the TeamSpeak users.

    1. Find a provider who has protection

    2. Don't piss people off who have power to do it.

  • @simonindia said:
    Null route the IP or move your setup to some other provider who has DDoS protection.

    My IP has been null routed for now :)

    @adxn said:
    Move your server to a provider with DDoS protection; if no one from your country provides that, then move to another country where you will find it.

    And as for moving to another country, I can't because it's TeamSpeak.

  • @GCat said:
    1. Find a provider who has protection

    2. Don't piss people off who have power to do it.

    So sad no provider in Indonesia / SEA has protection.
    And I never piss people off because my server is in a neutral position. And this attack didn't just happen to me but to all TeamSpeak servers in Indonesia that have 100+ slots.

  • DianTama said: And as for moving to another country, I can't because it's TeamSpeak.

    What?! That doesn't make any sense.

  • @Frecyboy said:
    What?! That doesn't make any sense.

    For a TeamSpeak server I need low ping for the best experience, and the reason I can't move is that Indonesia & Singapore (the closest country) don't have DDoS protection.

  • @DianTama said:

    In that case you're stuck with a null route and some downtime

  • jh Member

    Kindly purchase asus Router

  • hawc Moderator, LIR

    That's not going to work just getting a router with DoS protection. The attack still floods your pipe

  • DianTama said: For a TeamSpeak server I need low ping for the best experience.

    You won't see much of a difference, as long as there is no packet loss.

    I'm often on servers located at the other side of the world, so 200+ ping, and it's still working fine. Did you ever try a server in e.g. the USA?

  • @Frecyboy said:
    I'm often on servers located at the other side of the world, so 200+ ping, and it's still working fine. Did you ever try a server in e.g. the USA?

    My community aims to get more players in their location so I can't move :) Sorry, and thanks for your suggestion.

  • @DianTama said:
    My community aims to get more players in their location so I can't move :) Sorry, and thanks for your suggestion.

    Surely if your community can't talk to each other you're not going to have any players once they get fed up of being DDoS'd?

  • Boltersdriveer Member, LIR
    edited February 2016

    It's a common problem - I've been getting attacks on my Singapore game servers as well for the past 2 months, with little that can be done. There is in fact DDoS protection offered by IndoVirtue for Singapore location, but it's very likely out of your (and my) budget. The problem so far is really the providers here also have little capacity to deal with attacks, and other than that, there still isn't a significant market requiring DDoS protection services in the region for now, and people aren't willing to pay huge amounts just for it.

  • Number one way to stop DDoS is to get a provider that can protect you from it. You can always use something like Cloudflare but it's not 100%; you should always have some hardware DDoS protection for servers. And keeping the community happy is a good idea also.

  • @ceibaNet said:
    Number one way to stop DDoS is to get a provider that can protect you from it. You can always use something like Cloudflare but it's not 100%; you should always have some hardware DDoS protection for servers. And keeping the community happy is a good idea also.

    We are talking about TeamSpeak, since when does Cloudflare protect TeamSpeak servers from DDoS?

  • Mun Member
    edited February 2016

    @ceibaNet said:
    Number one way to stop DDoS is to get a provider that can protect you from it. You can always use something like Cloudflare but it's not 100%; you should always have some hardware DDoS protection for servers. And keeping the community happy is a good idea also.

    This is why I like to call this community Low End Trash, as clearly you have zero clue on how Cloudflare operates. Thank you for proving that you are an absolute idiot.

    In regards to this, your best option would be to find a location that can handle DDoS protection.

    If it is seriously unavailable, and you can't find anything in a greater area, and you are unwilling to look past Indonesia, then work with your provider to set up a system that will autonull when you get attacked, but you will be down as much as they attack.

    Also make sure you are running the newest version of TeamSpeak; they had a nasty DoS amplification variant a few releases back, i.e. you were being used to attack someone else.

    p.s. it doesn't look like they were attacking you to attack someone else though via the data you posted.
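
Added example (not part of any post in this thread): a server abused as an amplification reflector sends far more than it receives, while a flood target receives far more than it sends, so the direction of the skew in the vnstat -l figures from the original post separates the two cases. The thresholds and the two extra sample lines are constructed assumptions.

```python
import re

# One live-traffic line in the form quoted in the original post from `vnstat -l`.
LINE_RE = re.compile(
    r"rx:\s*([\d.]+)\s*([kMG]?)bit/s\s+(\d+)\s*p/s\s+"
    r"tx:\s*([\d.]+)\s*([kMG]?)bit/s\s+(\d+)\s*p/s"
)
SCALE = {"": 1.0, "k": 1e3, "M": 1e6, "G": 1e9}

# Assumed thresholds for illustration; tune them to the server's own baseline.
FLOOD_PPS = 20_000   # packets/s in one direction treated as abnormal
SKEW = 10.0          # bit-rate ratio between directions treated as lopsided


def parse_vnstat_live(line):
    """Return rx/tx bit rates (bit/s) and packet rates (p/s) from one line."""
    m = LINE_RE.search(line)
    if m is None:
        raise ValueError(f"not a vnstat live line: {line!r}")
    return {
        "rx_bps": float(m[1]) * SCALE[m[2]], "rx_pps": int(m[3]),
        "tx_bps": float(m[4]) * SCALE[m[5]], "tx_pps": int(m[6]),
    }


def avg_packet_bytes(bps, pps):
    """Mean packet size in bytes; 0.0 when no packets were counted."""
    return bps / 8 / pps if pps else 0.0


def classify(sample):
    """Label the traffic direction that dominates, if either does."""
    rx, tx = sample["rx_bps"], sample["tx_bps"]
    if sample["rx_pps"] >= FLOOD_PPS and rx >= SKEW * max(tx, 1.0):
        return "inbound-flood"        # this host is the target
    if sample["tx_pps"] >= FLOOD_PPS and tx >= SKEW * max(rx, 1.0):
        return "possible-reflector"   # this host is sending the bulk
    return "unremarkable"


POSTED = "rx: 182.86 Mbit/s 59630 p/s tx: 2.99 Mbit/s 2975 p/s"      # from the post
REFLECTOR = "rx: 1.20 Mbit/s 2500 p/s tx: 310.00 Mbit/s 42000 p/s"   # constructed
QUIET = "rx: 850.00 kbit/s 900 p/s tx: 1.10 Mbit/s 950 p/s"          # constructed

if __name__ == "__main__":
    for line in (POSTED, REFLECTOR, QUIET):
        s = parse_vnstat_live(line)
        print(classify(s), round(avg_packet_bytes(s["rx_bps"], s["rx_pps"])),
              round(avg_packet_bytes(s["tx_bps"], s["tx_pps"])))
```

On the posted figures this labels the traffic an inbound flood, with received packets averaging roughly 383 bytes against about 126 bytes sent.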

  • DianTama said: And I never piss people off because my server is in a neutral position

    In this day and age it happens...I've been hosting my sites for years and years without a single attack and finally got one a week or so ago.

    I moved my stuff that was attacked to PhotonVPS (Psychz) for their free 10Gbps DDoS protection. There's a lot of providers offering DDoS protection nowadays (sign of the times!) so there's plenty of options available.

    Good luck and let us know what you end up doing :)

  • DianTama Member
    edited February 2016

    @Mun said:
    p.s. it doesn't look like they were attacking you to attack someone else though via the data you posted.

    I'm using the newest TeamSpeak and yet it's still happening. They are attacking me using something like a botnet or infected PCs maybe; the dest IP is my IP address and the src IP is the attacker IP.

    @sin said:
    Good luck and let us know what you end up doing :)

    If I were hosting a website this wouldn't be a big problem because it's easy to move to another provider. But this is a TeamSpeak server and it's really hard to move to another provider that is far, far away from my location.

  • FlamesRunner Member
    edited February 2016

    You need to mitigate the attack on the network level - a null route is where your IP is announced to a black hole, meaning neither you nor the attacker can reach it.

    You'd need a killer network for it, and the ability to announce your own IP block (ASN, IPs, etc).

  • There are ways to keep your server in Indonesia even without DDoS protection, but you need some extra money (and it won't work if the attacker really hates you and has extra cash to bring your or your provider's network down).

    You can set up DNS (e.g. Amazon Route 53) to rotate/distribute requests among several IPs (frontend VPS machines with a speedy connection at different providers).

    On each one of those machines, you can do some firewall filtering (limit requests, validate packets, etc.) and install HAProxy, which I believe will work for TeamSpeak.

    Your frontend machines can send the requests back to your (some good performance dedicated server).

    There's an example on how to do this for http requests with nginx (but you get the idea) http://blog.unixy.net/2010/08/the-penultimate-guide-to-stopping-a-ddos-attack-a-new-approach/
    http://www.loadbalancer.org/uk/blog/simple-denial-of-service-dos-attack-mitigation-using-haproxy-2

  • doghouch Member
    edited February 2016

    @GCat said:
    1. Find a provider who has protection

    2. Don't piss people off who have power to do it.

    Don't try more than 800 GBPS (okay, it was 794 GBPS at peak, I just rounded it up) on OVH - they got REALLY pissed when I got attacked and my IP got changed for "stability reasons..."

  • @doghouch said:
    Don't try more than 800 GBPS (okay, it was 794 GBPS at peak, I just rounded it up) on OVH - they got REALLY pissed when I got attacked and my IP got changed for "stability reasons..."

    lol the new "normal" attack sizes it feels.

    Last attack I got was 213gbps peaked, lowered to about 20 gbps sustained for two hours, my server stood up to the attack for about 3 1/2 hours before it finally crapped out and went offline when ISP said it was starting to affect other customers.

  • If you don't mind having a server in the US I highly recommend hudsonvalleyhost.com

    These guys provide very good support and their RioRey-based DDoS protection truly works! I've tested Staminus and many other DDoS protection solutions and they all got #wrecked with a $1 DDoS attack; RioRey won't go down that easy.

  • Hide your teamspeak IP and port from any public server lists, or only give it out to trusted community members?

  • edited February 2016

    CSF isn't going to help you. You need something to mitigate the attack before it can hit your server. Software firewalls won't be useful if the attack has already hit your server and brought it down.

    If we were talking about a huge website, I'd start talking about DDoS protection from a datacenter, then hardware firewalls behind that. As this is for a TS server, it's not cost effective to do that.

  • @linuxthefish said:
    Hide your teamspeak IP and port from any public server lists, or only give it out to trusted community members?

    That's what I'm thinking for now. I will just block the TeamSpeak port for weblisting so my public IP will not get listed in the server list until the situation is clear, and give the IP just to my members.

  • doghouch Member
    edited February 2016

    @GCat said:
    Last attack I got was 213gbps peaked, lowered to about 20 gbps sustained for two hours, my server stood up to the attack for about 3 1/2 hours before it finally crapped out and went offline when ISP said it was starting to affect other customers.

    It was 794 GBPS at peak, but the lowest of the attack was around ~350ish GBPS. The attack was on for around 5 hours, not too bad in my eyes, but to OVH... they're like HOW'D YOU ATTRACT A 800 GBPS ATTACK????
