Hello, I have questions about Rust DDoS protection: is there a way to prevent people from creating lag on a server? A person who was banned started a DDoS attack on one of my servers after that; almost nobody can move at all. Restarting the server didn't help; blocking the internet solved the problem (just as a test), but it's not a solution.
My actual question is how people actually do DDoS, and how to prevent it. Is this UDP/TCP packet spam or what? How do I detect that the server is "under attack" and block these connections? The server itself is only lagging; CPU usage is a bit higher than usual (but not 100%). Currently I have blocked some subnets with a large number of strange connections and it works better, but if the attacker changes IPs this will happen again... Also, I'm using Linux, so I can use iptables etc. I just wonder what packets are actually sent and how the server becomes laggy...
Thank you for your attention.
Anti-ddos protection
Discussion in 'Rust Discussion' started by AlexALX_[rus-ua], May 13, 2015.
-
There are some hosts where you can buy DDoS protection... I also know of DDoS protection for web pages, like Cloudflare...
When I had my server hosted on Gameservers someone was DDoSing, console explosion and other shit, I just STOPPED the server for 30 secs to 1 min and it was gone.. -
I have my own machine, so hosts are not an option. I just need to understand how exactly DoS or DDoS works for Rust attacks, because it's not the usual DDoS where there are just many connections from some IPs (even 2000 IPs). It's possible that there is some simple way to create lag on the server with just one IP by using some exploit or so in Rust itself, I don't know... The DDoS was aimed at exactly one Rust server, not a web server or any other servers; everything else worked fine.
It seems that, with some edits, I have a working anti-DDoS script based on the (D)DoS Deflate script, but it only filters TCP connections; I'm not really sure how to correctly filter UDP connections. For now it drops these "attacks", but if they change to UDP it will happen again... any suggestions? -
First: if it was only one IP that attacked, can't you just block it for now in the system firewall?
If it's from one IP it's not DDoS technically, just DoS. And if it's an exploit it would be nice of you to catch it.
You could temporarily disable those scripts. Install something like Wireshark to capture data. Unban him, set up a notice for when he shows up. Ban and wait for the DoS with Wireshark on. After you see the server dying, ban him again in Rust. This time ban him in your system firewall too (a server-side Windows firewall can do a decent job when set up right). Add a block for TCP and UDP alike. Wait a bit to see if he comes back; proxies are not that hard to find after all. If he does, you will have to use some kind of anti-(D)DoS solution like your script. If he's just some idiot with a program from a forum, that should be enough.
Good luck -
I must come back to this thread again. Today I got a massive DDoS attack on my servers; everything was lagging so much, freezes of up to a few minutes etc. From some statistics I got that there were many connections from different IPs, and for a short time there was a 1-5 mbit attack with UDP packets from those IPs. When I tried banning those IPs the lag was a bit less, but it happened again from new IPs. In total I banned ~30 completely different IPs, then got tired and just stopped. All the IPs kept changing, and in total there were probably not less than 200 IPs.
So I'm just interested: how do hosters actually do anti-DDoS protection for Rust servers/other UDP games? I don't want to close my servers only because some bad guys DDoS my servers only because it's better and they don't want to lose their money (yeah, from donations on the server). It seems like "I crossed someone's road". I can't move my servers to some host because: why should I pay for this if I have my own good hardware? And actually I just don't have the money for this.
So I'm very sad right now that this shit happens, and have no idea what to do, how to eventually defend against this etc. It will be very bad if there is just no choice and I eventually have to shut everything down...
I'll be glad for any information about this. Thank you.
P.S. Just a reminder that I'm using Linux (Wine), and can't use any Windows protection programs or the like. Also I have a ~2GB log of all packets (tcpdump) that were sent during the DDoS attack, but I don't actually know what to do with it. -
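For a tcpdump capture like the one mentioned in the post above, a first pass is to rank the UDP senders to the game port by packets and bytes. This is an added example, not part of the original thread; the addresses are constructed documentation-range samples, and port 28015 is the default quoted elsewhere in the thread.

```bash
#!/usr/bin/env bash
# Added example: rank UDP senders to the game port from tcpdump text output,
# as printed by:  tcpdump -nn -tt -r capture.pcap 'udp dst port 28015'
# Output columns: source_ip packets bytes kbit_per_s (IPv4 only).

top_udp_talkers() {
    # $1 = game UDP port, $2 = number of sources to list; packets on stdin
    local port="${1:-28015}" top="${2:-10}"
    LC_ALL=C awk -v port="$port" '
        $2 == "IP" && $4 == ">" && /UDP, length [0-9]+$/ {
            dst = $5; sub(/:$/, "", dst)
            n = split(dst, d, ".")
            if (d[n] != port) next              # not aimed at the game port
            src = $3; sub(/\.[0-9]+$/, "", src) # strip the source port
            t = $1 + 0
            if (!(src in first)) first[src] = t
            last[src] = t
            pk[src]++; by[src] += $NF
        }
        END {
            for (s in pk) {
                dur = last[s] - first[s]
                if (dur < 1) dur = 1            # avoid inflating short bursts
                printf "%s %d %d %.1f\n", s, pk[s], by[s], by[s] * 8 / dur / 1000
            }
        }' | LC_ALL=C sort -k3,3nr | head -n "$top"
}

sample_capture() {
    # Constructed sample lines (documentation address ranges), not real traffic.
    cat <<'EOF'
1431547581.10 IP 203.0.113.5.51234 > 192.0.2.10.28015: UDP, length 1200
1431547581.20 IP 198.51.100.7.40001 > 192.0.2.10.28015: UDP, length 80
1431547581.30 IP 203.0.113.5.51234 > 192.0.2.10.28015: UDP, length 1200
1431547581.50 IP 198.51.100.7.40001 > 192.0.2.10.27015: UDP, length 40
1431547581.60 IP 203.0.113.5.51234 > 192.0.2.10.28015: UDP, length 1200
1431547581.90 IP 203.0.113.5.51234 > 192.0.2.10.28015: UDP, length 1200
1431547583.20 IP 198.51.100.7.40001 > 192.0.2.10.28015: UDP, length 80
EOF
}

sample_capture | top_udp_talkers 28015 5
```

Sources that sit far above the byte and packet counts of ordinary players are the candidates for blocking or rate limiting.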
Hello, I'm having some issues with Rust and DoS/DDoS attacks, and want some help to solve those issues. I found some DDoS programs used by those script kiddies, and have a main question...
- What communication ports does Rust need to work? (UDP and TCP)
I want to do a test with my server, closing absolutely ALL the doors that are not necessary for the game to work, as well as blocking any and all traffic that is not necessary, such as malformed packets, etc. -
UDP 28015 = default server + query/list
TCP 28016 = default RCON -
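One way to express "close everything except the game ports" on Linux, using the two ports listed above, is a default-drop iptables ruleset with a per-source UDP rate limit. This is an added example, not part of the original thread; the rate of 300 packets/sec, the admin network 192.0.2.0/24 and SSH on TCP 22 are assumptions to adjust.

```bash
#!/usr/bin/env bash
# Added example: print an iptables-restore ruleset that closes everything
# except the Rust ports listed above and rate-limits UDP per source address.
# The rate, the admin network and SSH on TCP 22 are assumptions to adjust.

rust_ruleset() {
    # $1 game UDP port, $2 RCON TCP port, $3 admin CIDR, $4 max packets/sec per source
    local game="${1:-28015}" rcon="${2:-28016}" admin="${3:-192.0.2.0/24}" rate="${4:-300}"
    case "$game$rcon$rate" in
        *[!0-9]*) echo "ports and rate must be numeric" >&2; return 1 ;;
    esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Per-source limit comes before the ESTABLISHED rule so that tracked UDP
# flows cannot bypass it.
-A INPUT -p udp --dport $game -m hashlimit --hashlimit-name rustudp --hashlimit-mode srcip --hashlimit-above $rate/sec --hashlimit-burst $((rate * 2)) -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p udp --dport $game -j ACCEPT
# RCON and SSH (assumed on TCP 22) only from the admin network.
-A INPUT -p tcp -s $admin -m multiport --dports 22,$rcon -j ACCEPT
COMMIT
EOF
}

rust_ruleset 28015 28016 192.0.2.0/24 300
```

Review the printed rules before loading them with `iptables-restore`. A flood large enough to fill the uplink still has to be filtered upstream of the machine, since these rules only act on packets that have already arrived.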
Hosts are analyzing the packets using something called Snort in their firewall. That will sort out good/bad traffic.
-
I'm currently sniffing a Rust client, connected to the internet and to a server, to check the communication relay and the ports used by the game. I'm going to suppress all the other ports and traffic to reduce the damage when a !@# attack starts again.
-
Add delays to item spawning/triggering, disable mass dropping.
I have an x10000 server, 1000+ server FPS.
I made 1 plugin to do that... -
RUSTKS
-
Yeah, I know this server, it's almost similar to mine) You started later and took most of our players =p but it's OK, competition makes servers better)
I just wanted to ask you to share the DoS plugin, if it's possible.. -
DDOS protection is more of a network administration specific topic instead of Rust specific. You may find you will get better answers to your questions on forums such as SpiceWorks or StackOverflow.