Defend against ddos attacks

[DataFlow]

What its the best way to defend against ddos attacks?

[proxx]

Depends what kind of attack, whats it targetted at and what OS you use.
Please give more details.

[DataFlow]

Linux.

Its a private game server.

and we are being ddosed at rate 10 GBit/s

[ande]

Like proxx said, still depends on what kind of attack. A UDP flood or SYN flood(any type of flood that does not require or use an established connection) will be 10GBit/s no matter what you do at your end. In this case you will have to contact the hosting provider and ask them to block it at a higher level so that the traffic never reaches your server.

However, many flood types are only effective because of poorly written services that will just accept tons and tons of gibberish data without severing the connection. In this case, just add the IP address of the flooder to iptables or if on windows, whatever firewall policy you are using.

[proxx]

You could try to drop the packets with iptables.
Use drop and do not actively block the packets.
But as stated thats a lot of traffic.

Blocking the IP's is possible however not always practical.
You basically dont want to generate CPU cycles.

What kind of traffic are you receiving?

[Stackprotector]

You might consider blocking everything and only allowing some ip's (as i assume it is a PRIVATE server)

[WirelessDesert]

You might consider blocking everything and only allowing some ip's (as i assume it is a PRIVATE server)

Just a question: Wouldn't blocking IP's just generate more problem then doing something else, since then you(the server) have to check if the ip is blocked, and then ignore to send any packets to it!??

[ande]

Just a question: Wouldn't blocking IP's just generate more problem then doing something else, since then you(the server) have to check if the ip is blocked, and then ignore to send any packets to it!??

You are most certainly right. But the alternative is much worse; Your services taking all the traffic and being unresponsive. Unless its a flood not targeting services ofc. In which case, there is no point in blocking it if the server is still more or less responding.

With that being said, iptables(assuming you are using linux) has a pretty decent performance. The DoS needs to be pretty hardcore and the filter list pretty huge before any performance issues arise.


EDIT: This is also another reason to contact the hosters and ask them to block IP's before they ever reach you.

[iTpHo3NiX]

CloudFlare

[Stackprotector]

CloudFlare

In don't think a premium cloud DNC would help a private gaming server. Serverside solutions or isp solutions. Or buy some extra hardware.

[h4xx0r]

In don't think a premium cloud DNC would help a private gaming server. Serverside solutions or isp solutions. Or buy some extra hardware.

Cloudflare won't provide protection for your gaming servers.
Like the guy said above, you need to contact the datacenter and ask them to block the intruder IP at a level higher than you have access to so the DDoS doesn't even reach the DC.