Hi,
I host game servers in India. My problem is that in India we don't have any data center which provides DDoS protection. In game servers, we get UDP DDoS attacks. In order to overcome this problem, I want to disable international routing. What I mean to say by that is, I want only people in the India region to be able to ping my machine. I have been told that can be achieved by using GeoIP files, but I am not sure how it can be done. Any software or anything which you guys can refer? I have also been told that if I can use deflatedotmedialayerdotcom it will help me against DDoS UDP. Any recommendations? Thanks, Sachin

No reply?? :(
Basically you set up blocks for all IP ranges that are not originating in the country of choice, in your case India. Lists of these country-specific ranges are available in numerous places on-line. Filtering by country IP is never 100% certain and must be updated regularly.
While doing blocks at server level is an important security element, most DDoS attacks are best mitigated at the border of the network, with the help of your datacentre. If they can't or won't help, and the attack is large enough, even blocking them at the server will not keep them from slowing the network connection.
Quote:
You ought certainly to be aware that, looking through the history of things that people report on LQ as DDoS attacks, it is probably the minority that are actually DDoS attacks. People confuse 'ordinary' DoS attacks (which are simpler to deal with) with DDoS attacks, and some people even seem to think that any miscellaneous outbreak of packets that they don't understand must be a DDoS, possibly because that's the thing that they have heard of.

Quote:
You also need to keep in mind that a true DDoS attack costs money to mount. If you annoy someone sufficiently, they might think that it is worthwhile, and if you have a high-value business model (e.g., casino or on-line gambling?) that loses significant cash for every minute that it is inaccessible, it might be worth it for an evildoer to spend money on attacking you. Otherwise, probably not.

Quote:
- detection / action driven (or hampered?) by a cron job,
- netstat input (which some tools don't even parse well enough) massaged by a sh*tload of user land tools,
- may offer to email reports,
- all rules end up in the filter table INPUT chain.
So instead of pointing out the fallacy of end point "protection" against DDoS, instead of educating users about do's and don'ts (like taunting), instead of pointing to documentation like the SANS Reading Room or the Network DDoS Incident Response Cheat Sheet (PDF) offer, instead of letting the kernel part of the Netfilter framework bear the brunt of the work as far as rate limiting and filtering is concerned, instead of efficiently using ipset for blocking, these tools put the strain on user land (nice if the box is already facing resource exhaustion), degrading performance even more. ...and these are the "less bad" ones. People who get tricked into thinking that blocking things at the application level is useful are even worse off.
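The two replies above describe the host-side half of the answer: block everything that is not in the country's ranges, and let the kernel (Netfilter with ipset) do the filtering and rate limiting rather than user-land scripts. The script below is an added example written for this thread, not code posted by anyone in it. It reads a one-prefix-per-line country list, validates each entry, and prints the ipset and iptables commands an admin would run as root to admit UDP traffic to the game port only from that set, with a per-source hashlimit cap applied in the kernel. The set name, chain name, port 27015, the rate figures and the sample prefix list are all hypothetical or constructed; substitute a real India range list from one of the sources the reply mentions.

```shell
#!/bin/sh
# Added example, not code from the thread: generate the ipset and iptables
# commands that admit UDP game traffic only from prefixes listed in a
# country file (here India), and leave per-source rate limiting to the
# kernel (hashlimit) rather than to user-land scripts.
# Assumptions, not from the thread: the set name, chain name, game port and
# the rate figures below are hypothetical; the prefix list is a constructed
# sample (documentation ranges), not a real country database.

SET_NAME=in_ranges      # hypothetical ipset name
CHAIN=GAME_UDP          # hypothetical user chain
GAME_PORT=27015         # hypothetical game server UDP port

# Constructed sample of a "one prefix per line" country list. The third
# entry is deliberately malformed to show that bad lines are skipped.
SAMPLE_RANGES='# constructed sample country list
203.0.113.0/24
198.51.100.0/25
not-a-prefix
'

# is_cidr PREFIX: succeed only if PREFIX is a well-formed IPv4 CIDR (a.b.c.d/n).
is_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr="${1%/*}"
    plen="${1#*/}"
    case "$plen" in ''|*[!0-9]*) return 1 ;; esac
    [ "$plen" -le 32 ] || return 1
    old_ifs="$IFS"; IFS=.; set -- $addr; IFS="$old_ifs"
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# emit_rules: read prefixes on stdin and print the commands an admin would
# run as root. Malformed lines are reported on stderr and skipped, so one
# bad entry in a downloaded list does not abort the whole rebuild.
emit_rules() {
    echo "ipset create $SET_NAME hash:net -exist"
    echo "ipset flush $SET_NAME"
    grep -v '^[[:space:]]*#' | sed 's/[[:space:]]*$//' | while IFS= read -r line; do
        [ -n "$line" ] || continue
        if is_cidr "$line"; then
            echo "ipset add $SET_NAME $line -exist"
        else
            echo "skipping malformed entry: $line" >&2
        fi
    done
    # Drop anything for the game port whose source is not in the set, then
    # cap each remaining source in the kernel; only what survives reaches
    # the game process.
    echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
    echo "iptables -A $CHAIN -m set ! --match-set $SET_NAME src -j DROP"
    echo "iptables -A $CHAIN -m hashlimit --hashlimit-name game_udp --hashlimit-mode srcip --hashlimit-above 200/second --hashlimit-burst 400 -j DROP"
    echo "iptables -A $CHAIN -j ACCEPT"
    echo "iptables -C INPUT -p udp --dport $GAME_PORT -j $CHAIN 2>/dev/null || iptables -I INPUT -p udp --dport $GAME_PORT -j $CHAIN"
}

# count_added LIST: number of prefixes from LIST that would be added to the set.
count_added() {
    printf '%s' "$1" | emit_rules 2>/dev/null | grep -c '^ipset add '
}

# Stand-alone run: print the rule script for the constructed sample.
printf '%s' "$SAMPLE_RANGES" | emit_rules
```

Run it as `sh geo_allow.sh > rules.sh`, review the output, then execute it as root; re-run whenever the country list is refreshed, since the reply notes these lists go stale. Because the set is `hash:net`, lookups stay cheap however many prefixes it holds, and the drop happens in the INPUT path before any user-land process sees the packet. As the earlier reply says, this only protects the host itself: if the flood is big enough to fill the uplink, the packets are still arriving at your network and only the datacentre's border can shed them.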