LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 11-27-2012, 10:35 PM   #1
sachinsud
Member
 
Registered: Aug 2011
Posts: 38

Rep: Reputation: Disabled
Exclamation


Hi,

I host game servers in India. My problem is in India we dont have any data center which provides ddos protection.

In game servers, we get UDP ddos attacks.

In order to overcome this problem, i want to disable international routing .
What i mean to say by that is , I want only people in India region should be able to ping my machine, I have been told that can be achieved by using geo ip files.
But i am not sure how it can be done.
Any software or any thing which you guys can refer?

I have also been told if i can use this
deflatedotmedialayerdotcom

It will help me from ddos udp. Any recommendations?

Thanks
Sachin

No Reply??

Last edited by unSpawn; 11-28-2012 at 04:55 AM. Reason: //Merged bump: be patient.
 
Old 11-28-2012, 12:07 PM   #2
NyteOwl
Member
 
Registered: Aug 2008
Location: Nova Scotia, Canada
Distribution: Slackware, OpenBSD, others periodically
Posts: 512

Rep: Reputation: 138Reputation: 138
Basically you set up blocks for all IP ranges that are not originating in the country of choice, in your case India. Lists of these country specific ranges are available in numerous places on-line. Filtering by country IP is never 100% certain and must be updated regularly.

While doing blocks at server level is an important security element, most DDOS attacks are best mitigated at the border of the network, with the help of your datacentre. If they can't or won't help, and the attack is large enough even blocking them from the server will not keep them from slowing the network connection.
 
Old 11-29-2012, 09:18 AM   #3
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 3,860

Rep: Reputation: 768Reputation: 768Reputation: 768Reputation: 768Reputation: 768Reputation: 768Reputation: 768
Quote:
Originally Posted by sachinsud View Post
Hi,

I host game servers in India. My problem is in India we dont have any data center which provides ddos protection.
Real, robust, 'pre-configured' DDoS protection is hard to achieve. I doubt that you'll find anyone, anywhere, who will guarantee you that they can 100% protect against DDoS attacks as part of some standard hosting arrangement. What you will find is that some hosting suppliers are more able and willing to work with you through the details of a specific attack, and the help that they can give, than others.

You ought certainly to be aware that looking through the history of things that people report on LQ as DDoS attacks, it is probably the minority that are actually DDoS attacks. People confuse 'ordinary' DoS attacks (which are simpler to deal with) with DDoS atacks and some people even seem to think that any miscellaneous outbreak of packets that they don't understand must be a DDoS, possibly because that's the thing that they have heard of.

Quote:
Originally Posted by sachinsud View Post
I have also been told if i can use this
deflatedotmedialayerdotcom
That thing has been around for a number of years. It is easy to see what it would do against a plain DoS attack, less clear that it would do anything useful against a true DDoS.

You also need to keep in mind that a true DDoS attack costs money to mount. If you annoy someone sufficiently, they might think that it is worthwhile and if you have a high value business model (eg, casino or on-line gambling?) that loses significant cash for every minute that it is inaccessible, it might be worth it for an evildoer to spend money on attacking you. Otherwise, probably not.

Quote:
In order to overcome this problem, i want to disable international routing .
What i mean to say by that is , I want only people in India region should be able to ping my machine, I have been told that can be achieved by using geo ip files.
You have some reason to think that Indians won't attack your server, but that others will?
 
Old 11-29-2012, 01:09 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,534
Blog Entries: 51

Rep: Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601
Quote:
Originally Posted by salasi View Post
That thing has been around for a number of years.
True and that IMNSHO is one of the reasons to advise against using it. It's also obsolete because DDoS-Deflate, like some other "anti DoS solutions" like Syn-Deflate, R-fx Fguard, DDoS-Defender or netshield.googlecode.com, are simply based on the wrong ideas using the wrong tools. It's even more sad that these kludges often are fobbed off on those desperate for a remedy instead of pointing them to documentation, let alone suggesting upstream action. Some common characteristics:
- detection / action driven (or hampered?) by a cron job,
- netstat input (which some tools don't even parse well enough) massaged by a sh*tload of user land tools,
- may offer to email reports,
- all rules end up in the filter table INPUT chain.

So instead of pointing out the fallacy of end point "protection" agains DDoS, instead of educating users about do's and don'ts (like taunting), instead of pointing to documentation like the SANS Reading Room or the Network DDoS Incident Response Cheat Sheet (PDF) offer, instead of letting the kernel part of the Netfilter framework bear the brunt of the work as far as rate limiting and filtering is concerned, instead of efficienty using using ipset for blocking, these tools put the the strain on user land (nice if the box is already facing resource exhaustion) degrading performance even more. ...and these are the "less bad" ones. People who get tricked into thinking that blocking things at the application level is useful are even worse off.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Router/Firewall/IPS system Oxagast Linux - Networking 2 05-23-2009 08:43 PM
IPS vs Firewall priyadarshan Linux - Security 10 03-20-2009 02:14 AM
firewall with private ips samg Linux - Security 7 06-02-2006 06:41 PM
Firewall lets ips which are not in the firewall ... why ? sys7em Linux - Networking 2 06-30-2005 12:50 PM
Linux firewall that supports USB ADSL & multiple public IPs? Smoothieu Linux - Security 1 08-21-2002 06:23 PM


All times are GMT -5. The time now is 07:03 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration