I host game servers in India. My problem is in India we don't have any data center which provides DDoS protection.
In game servers, we get UDP DDoS attacks.
In order to overcome this problem, I want to disable international routing.
What I mean to say by that is, I want only people in the India region to be able to ping my machine. I have been told that can be achieved by using geo IP files.
But I am not sure how it can be done.
Any software or anything which you guys can refer?
I have also been told if I can use this
deflatedotmedialayerdotcom
It will help me from DDoS UDP. Any recommendations?
Thanks
Sachin
No Reply??
Last edited by unSpawn; 11-28-2012 at 04:55 AM.
Reason: //Merged bump: be patient.
Basically you set up blocks for all IP ranges that are not originating in the country of choice, in your case India. Lists of these country-specific ranges are available in numerous places on-line. Filtering by country IP is never 100% certain and must be updated regularly.
While doing blocks at server level is an important security element, most DDoS attacks are best mitigated at the border of the network, with the help of your datacentre. If they can't or won't help, and the attack is large enough, even blocking them from the server will not keep them from slowing the network connection.
Quote:
I host game servers in India. My problem is in India we don't have any data center which provides DDoS protection.
Real, robust, 'pre-configured' DDoS protection is hard to achieve. I doubt that you'll find anyone, anywhere, who will guarantee you that they can 100% protect against DDoS attacks as part of some standard hosting arrangement. What you will find is that some hosting suppliers are more able and willing to work with you through the details of a specific attack, and the help that they can give, than others.
You ought certainly to be aware that looking through the history of things that people report on LQ as DDoS attacks, it is probably the minority that are actually DDoS attacks. People confuse 'ordinary' DoS attacks (which are simpler to deal with) with DDoS attacks and some people even seem to think that any miscellaneous outbreak of packets that they don't understand must be a DDoS, possibly because that's the thing that they have heard of.
Quote:
Originally Posted by sachinsud
I have also been told if I can use this
deflatedotmedialayerdotcom
That thing has been around for a number of years. It is easy to see what it would do against a plain DoS attack, less clear that it would do anything useful against a true DDoS.
You also need to keep in mind that a true DDoS attack costs money to mount. If you annoy someone sufficiently, they might think that it is worthwhile and if you have a high value business model (eg, casino or on-line gambling?) that loses significant cash for every minute that it is inaccessible, it might be worth it for an evildoer to spend money on attacking you. Otherwise, probably not.
Quote:
In order to overcome this problem, I want to disable international routing.
What I mean to say by that is, I want only people in the India region to be able to ping my machine. I have been told that can be achieved by using geo IP files.
You have some reason to think that Indians won't attack your server, but that others will?
True and that IMNSHO is one of the reasons to advise against using it. It's also obsolete because DDoS-Deflate, like some other "anti DoS solutions" like Syn-Deflate, R-fx Fguard, DDoS-Defender or netshield.googlecode.com, are simply based on the wrong ideas using the wrong tools. It's even more sad that these kludges often are fobbed off on those desperate for a remedy instead of pointing them to documentation, let alone suggesting upstream action. Some common characteristics:
- detection / action driven (or hampered?) by a cron job,
- netstat input (which some tools don't even parse well enough) massaged by a sh*tload of user land tools,
- may offer to email reports,
- all rules end up in the filter table INPUT chain.
So instead of pointing out the fallacy of end point "protection" against DDoS, instead of educating users about do's and don'ts (like taunting), instead of pointing to documentation like the SANS Reading Room or the Network DDoS Incident Response Cheat Sheet (PDF) offer, instead of letting the kernel part of the Netfilter framework bear the brunt of the work as far as rate limiting and filtering is concerned, instead of efficiently using ipset for blocking, these tools put the strain on user land (nice if the box is already facing resource exhaustion) degrading performance even more. ...and these are the "less bad" ones. People who get tricked into thinking that blocking things at the application level is useful are even worse off.
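
An added example, not part of the thread or written by any poster: one way to build the country allow-list described in the first reply as an ipset, and to leave filtering and rate limiting to the kernel as the last post suggests. The set name, port, rate and sample ranges are assumptions, and placing the rules in the raw table is this example's choice.

```shell
#!/bin/sh
# Added example, not from the thread. SET, PORT, the rate and the sample
# ranges are assumptions; the ranges are RFC 5737 documentation prefixes.
SET=allow_cc   # hypothetical ipset name
PORT=27015     # hypothetical game server UDP port

# Read CIDRs on stdin ('#' comments allowed) and print an `ipset restore`
# batch. Entries are loaded into a temporary set that is then swapped in, so
# the set the rules reference is never empty during an update.
build_restore() {
  awk -v set="$SET" '
    function ok(c,   p, o, i) {
      if (c !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/) return 0
      split(c, p, "/"); if (p[2] + 0 > 32) return 0
      split(p[1], o, ".")
      for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) return 0
      return 1
    }
    BEGIN {
      print "create " set " hash:net family inet"
      print "create " set "_tmp hash:net family inet"
      print "flush " set "_tmp"
    }
    { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }
    $0 == "" { next }
    !ok($0) { print "skipped: " $0 | "cat 1>&2"; next }
    !seen[$0]++ { print "add " set "_tmp " $0 }
    END { print "swap " set "_tmp " set; print "destroy " set "_tmp" }'
}

# Print rules for the raw table, which is traversed before connection tracking
# and the filter table: drop traffic to the game port from sources outside the
# set, then have the kernel drop sources exceeding a per-IP packet rate.
print_rules() {
  r="iptables -t raw -A PREROUTING -p udp --dport $PORT"
  echo "$r -m set ! --match-set $SET src -j DROP"
  echo "$r -m hashlimit --hashlimit-name game_udp --hashlimit-mode srcip" \
       "--hashlimit-above 300/second --hashlimit-burst 600 -j DROP"
}

# Constructed sample list: one duplicate, one bad prefix length, one junk line.
sample_list() {
  printf '%s\n' '# constructed sample' 192.0.2.0/24 198.51.100.0/24 \
    192.0.2.0/24 203.0.113.0/33 not-a-cidr
}

sample_list | build_restore   # on a real host: ... | ipset -exist restore
print_rules                   # review the rules, then run them as root
```

As the first reply points out, rules on the server only spare the host's CPU; they do not help once the uplink itself is saturated.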