I am the creator of a Flash game server. I use Cloudflare for my site; however, the game's TCP server can't be protected by Cloudflare. For about 2 months some person has been DDoSing my game using the direct IP. Every VPS/dedicated server provider instantly null-routes my server IP and suspends the server. I have no idea what to do. The attack probably comes from a botnet. It's about 2.5 Gbps.
- (3 votes) If they're using the same IP each time you can block that IP. – Drew Khoury Aug 11 '13 at 10:32
- (1 vote) @DrewKhoury: How would that help? The traffic would cause precisely the same harm whether he blocked it or not. – David Schwartz Aug 12 '13 at 06:49
- If you block this at the firewall stage (before it reaches your machine) it can work. It depends on your infrastructure and how aggressive the DDoS attacks are. – Drew Khoury Aug 12 '13 at 07:09
- @DrewKhoury A DDoS attack is virtually always more than enough to saturate any reasonable consumer or corporate link (except for the biggest corporations, and ISPs that really need to be able to push huge amounts of data), so filtering after the traffic has hit your link in any way, shape or form doesn't help reduce the impact of the traffic on your connectivity. The filtering needs to be done before the traffic hits your link, which it does well before hitting a firewall under your direct control, so it isn't quite as simple as just "filter it out". – user Aug 12 '13 at 07:36
2 Answers
If you've got a budget for this, a proper decent budget, then you should investigate the possibility of hosting your own servers, in colocation.
Then you'll have full control over the network, routing and firewalling, as well as the servers. You'd be able to arrange transit connectivity and peering (as required), but more importantly, you'd be able to use a cloud-based DDoS mitigation mechanism, known as a "clean pipe" provider.
That said, you might be able to do that as it stands, depending on what your dedicated host will allow you to do. I haven't looked very hard, but I suspect you'd need to find a host that would allow you to utilise a proper dedicated firewall to connect to the clean pipe service.
A Clean Pipe basically is where the traffic to you is tunneled (with GRE) to a service provider in the cloud (who have LOTS of bandwidth), and firewalled and filtered, before being tunneled back to your network.
DDoS mitigation is notoriously difficult, because generally by the time the traffic reaches you, it's already saturated the link to your server, so the only thing to do is have your service provider block it when it reaches their edge.
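What the customer's end of the GRE clean pipe described above can look like on a Linux host, as an added illustration that is not code from either answer or from any provider: every address, the port and the routing-table number are assumed placeholders, and the real hand-off (inner tunnel addresses, who announces the protected IP) is agreed with the mitigation provider.

```shell
#!/bin/sh
# Customer side of a GRE "clean pipe": added illustration, not code from
# either answer. Every address, the port and the table number are assumed
# placeholders; the real hand-off (inner addresses, which side announces the
# protected IP) is agreed with the mitigation provider.
# DRY_RUN=1 prints each command instead of running it (otherwise needs root).
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then echo "$*"; else "$@"; fi
}

# GRE-over-IPv4 adds a 20-byte outer IP header and a 4-byte GRE header, so
# the tunnel MTU is the link MTU minus 24; TCP MSS is that minus 40 (IP+TCP).
gre_mtu() { echo $(( $1 - 24 )); }
gre_mss() { echo $(( $(gre_mtu "$1") - 40 )); }

# $1 provider tunnel endpoint   $2 this server's real public IP
# $3/$4 inner tunnel addresses (local/remote, a /30)
# $5 protected IP the provider scrubs for you   $6 game TCP port   $7 link MTU
setup_clean_pipe() {
    scrub=$1; local_pub=$2; tun_local=$3; tun_remote=$4
    protected=$5; port=$6; mtu=$(gre_mtu "${7:-1500}"); mss=$(gre_mss "${7:-1500}")

    run ip tunnel add gre-scrub mode gre local "$local_pub" remote "$scrub" ttl 255
    run ip link set gre-scrub mtu "$mtu" up
    run ip addr add "$tun_local/30" dev gre-scrub
    # The scrubbed address lives on the tunnel, and replies sourced from it
    # are routed back through the tunnel so both directions are inspected.
    run ip addr add "$protected/32" dev gre-scrub
    run ip rule add from "$protected" table 100
    run ip route add default via "$tun_remote" dev gre-scrub table 100
    # Accept the game port only when it arrives through the tunnel, so the
    # server no longer answers connections made to its real IP directly.
    run iptables -A INPUT -i gre-scrub -p tcp --dport "$port" -j ACCEPT
    run iptables -A INPUT -p tcp --dport "$port" -j DROP
    # Clamp MSS on outgoing SYNs so clients never send segments the tunnel
    # cannot carry without fragmentation.
    run iptables -t mangle -A OUTPUT -o gre-scrub -p tcp --tcp-flags SYN,RST SYN \
        -j TCPMSS --set-mss "$mss"
}

# "sh clean_pipe.sh --demo" prints the commands with documentation addresses
if [ "${1:-}" = "--demo" ]; then
    DRY_RUN=1
    setup_clean_pipe 203.0.113.10 198.51.100.5 10.255.0.2 10.255.0.1 192.0.2.44 9000
fi
```

As the comments above point out, dropping packets at the host does not unsaturate the uplink once an attacker has the real IP; the firewall rules only keep the server from answering on the direct path, which is useful only while the real IP stays unpublished.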
Basically, you've got only two solutions, as said earlier. Either you have a budget to host yourself and then create an infrastructure able to absorb and filter DDoS traffic.
Or you can search for a hoster with this kind of technical solution on its network, like OVH.com, which provides a CleanPipe solution named VAC (stands for vacuum) and which seems to be able to absorb a DDoS of about 160 Gbits/second.
- I haven't looked, but are you sure that's supposed to be 160 GB/s (equivalent to almost 1.3 terabits/second)? 160 gigabits/second sounds like a more reasonable figure. – user Aug 11 '13 at 18:11
- Oops, my bad, as you noticed it ;-) Obviously you should read 160Gbps and not 160GBps x) – Dr I Aug 11 '13 at 22:14