I'm going to start running a gameserver soon and I want a way to reduce the damage of a denial of service attack.

I want to make it so when someone joins the game their IP address is added to a text file (can already do this), and in the event of an attack I can simply use the text file as a whitelist and only allow connections to the server from the IPs that have joined the game in the past, thereby allowing any user that has played before to join during an attack.

The server is running CentOS. Is there any way I can create a script that I can execute during and after an attack to enable/disable protection?

Or could anyone provide me with a command that uses iptables or whatever it is to whitelist a specified IP and a command that can pipe lines from a text file for use in this situation.

I am not very experienced at all with this kind of thing.

Thanks in advance.

HopelessN00b
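The on/off toggle the question asks for, as an added example (not the asker's or the answerer's code): it loads the IP file into its own iptables chain and inserts or removes a single jump rule on the game port. The port, protocol, file path and chain name are assumptions, not values from the page.

```shell
#!/bin/sh
# Added example (not from the question or answer): toggle an iptables allowlist
# for the game port, built from a file of IPs that have joined before.
# Assumed (not in the page): the game listens on UDP 27015, the IP file is
# /var/lib/gameserver/known_ips.txt, and rules live in a dedicated chain GAME_WL.
PORT="${GAME_PORT:-27015}"
PROTO="${GAME_PROTO:-udp}"
IPFILE="${IPFILE:-/var/lib/gameserver/known_ips.txt}"
CHAIN="GAME_WL"

# Emit one ACCEPT rule per valid, unique IPv4 address in the file.
# Blank lines, comments, CRLF endings and malformed entries are skipped, so a
# bad line in the file cannot break the whole allowlist load.
build_rules() {
    sed 's/[[:space:]]//g' "$1" |
        grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' |
        awk -F. '$1<=255 && $2<=255 && $3<=255 && $4<=255' |
        sort -u |
        while read -r ip; do
            printf 'iptables -A %s -s %s -j ACCEPT\n' "$CHAIN" "$ip"
        done
}

# During an attack: (re)build the chain, allow known IPs, drop everyone else
# on the game port, and hook the chain into the top of INPUT exactly once.
enable_protection() {
    iptables -N "$CHAIN" 2>/dev/null || iptables -F "$CHAIN"
    build_rules "$IPFILE" | sh
    iptables -A "$CHAIN" -j DROP
    iptables -L INPUT -n | grep -q "^$CHAIN " ||
        iptables -I INPUT -p "$PROTO" --dport "$PORT" -j "$CHAIN"
}

# After the attack: unhook and delete the chain; normal filtering resumes.
disable_protection() {
    iptables -D INPUT -p "$PROTO" --dport "$PORT" -j "$CHAIN" 2>/dev/null
    iptables -F "$CHAIN" 2>/dev/null && iptables -X "$CHAIN"
}

case "${1:-}" in
    on)    enable_protection ;;
    off)   disable_protection ;;
    rules) build_rules "$IPFILE" ;;   # preview the rules without applying them
    "")    ;;                         # no argument: only define the functions
    *)     echo "usage: $0 on|off|rules" >&2; exit 1 ;;
esac
```

Written for a plain iptables setup; on a host managed by firewalld, rules added directly with iptables are lost when firewalld reloads.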

1 Answer

Your design is fundamentally broken in three words: Dynamic IP Addresses.

Unless your users are technically savvy enough to update their IP address any time their ISP changes it (which could range from "infrequently" to "a different address every time they connect to your game") you're just going to wind up locking them out.
And frankly, if your users are savvy enough to know they have to re-register their IP every time it changes, they're going to think you're an idiot for making them have to jump through said hoop. I've been down that road with a software vendor, and it was a MASSIVE inconvenience that is probably a major factor in why they're no longer in business today.


Speak to your ISP about DoS mitigation that can be built into your hosting plan.
This is the Right Way to deal with a Denial of Service attack -- stopping it before it even gets to your server -- and it can employ much more sophisticated measures than "Please tell the administrator every time your IP address changes".

voretaq7