Thread: DoS/DDoS mitigation strategies

  1. #1
    Über Prodigy & Developer Razo[R]apiD's Avatar
    Join Date
    May 2010
    Location
    Poland, Lublin
    Posts
    3,257

    I have an idea of making it really hard to target specific servers for DoS/DDoS.

    The idea is as follows:

    1. xNULL hosts dynamic server discovery service (something like DNS)
    2. xNULL hosts UDP reverse proxy servers that can auto-scale
    3. MoHAA servers register in the common register but they don't make their addresses available to the public
    4. MoHAA clients receive server name/token/id from masterlist, and ask xNULL's DNS for server address
    5. We give them address of one of our proxies and we proxy the client's connection to actual MoHAA server

    This way servers wouldn't be under attack. Our infrastructure could end up under attack, but DNS service should be quite stable and we could use cloud for auto-scaling proxy servers, so if one node would be under attack, we would remove it from DNS, spawn new one under new address, and we could notify servers and players about the situation and send some packet that would cause clients to reconnect through different proxy.

    I imagine that this could be expensive... But maybe we wouldn't need auto-scaling etc. or give such service for additional "donation" to keep infrastructure alive. This would protect server owners from stupid kids DDoSing their servers.

  2. #2
    Client Beta Testers Appelpitje's Avatar
    Join Date
    Jan 2012
    Location
    Belgium
    Posts
    571

    I like the idea and indeed it would be expensive to host such thing. However some people only care about the rank in gametracker, thus their origin IP of the server is exposed through gametracker.. :P

  3. #3

    If I donated for this project would this be enough evidence for you to understand that I am also a victim of those DoS attacks as everybody else?! I sent the attack statistics that happen on a daily basis, I don't know what else to do!

  4. #4
    Administrator James's Avatar
    Join Date
    May 2010
    Location
    on the intraweb
    Posts
    3,180

    Let me ask you this... If we're serious about building an infrastructure like this; what would it inquire? Hardware/costs? I imagine it would need a special firewall? What are we looking at? Barracuda, Cisco/umbrella?

  5. #5

    It is indeed a good idea. However, IMHO to implement it would be a hassle and also would need manual intervention if x-null server is under attack that would need manual intervention to respawn a new proxy. All that effort for a game that has barely 10 active public servers.

  6. #6

    Quote, originally posted by James:
    Let me ask you this... If we're serious about building an infrastructure like this; what would it inquire? Hardware/costs? I imagine it would need a special firewall? What are we looking at? Barracuda, Cisco/umbrella?

    + Does it mean X-NULL would need an IP address for each proxified server?

    Maybe you guys could do something like "2$ for a protection"?

  7. #7
    Über Prodigy & Developer Razo[R]apiD's Avatar
    Join Date
    May 2010
    Location
    Poland, Lublin
    Posts
    3,257

    Quote, originally posted by anspectrum:
    It is indeed a good idea. However, IMHO to implement it would be a hassle and also would need manual intervention if x-null server is under attack that would need manual intervention to respawn a new proxy. All that effort for a game that has barely 10 active public servers.

    It could be self-healing and spawn new proxies faster than DDoSers' ability to redirect the attack. Also proxies could be hosted in cloud. Also if it would be too expensive, we could try a few proxies on static servers, but good ones which could survive massive attacks if they are built in such a way (for example client would need to TCP auth to be able to use the proxy, which could allow proxies to drop all unauthenticated packets, so you would need smart DDoS service and it's much more expensive because you need to set it up yourself basically).
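
Added example, not part of any post in this thread and not xNULL code: a sketch of the discovery lookup from post #1 combined with the "TCP auth, then drop unauthenticated packets" gate from post #7. The key, TTL, class and function names, the addresses, and the assumption that the client presents its token to the proxy are all hypothetical.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # assumption: shared by auth service and proxies
TTL = 300                         # assumption: session lifetime in seconds


class Registry:
    """Discovery service: maps a public server id to a proxy, never the backend."""

    def __init__(self):
        self._servers = {}  # server_id -> (backend_addr, proxy_addr)

    def register(self, server_id, backend_addr, proxy_addr):
        self._servers[server_id] = (backend_addr, proxy_addr)

    def resolve(self, server_id):
        # Public lookup: clients only ever learn the proxy address.
        return self._servers[server_id][1]

    def backend_for(self, server_id):
        # Private lookup, for proxies only.
        return self._servers[server_id][0]


def issue_token(client_ip, server_id, now=None):
    """Issued after a successful TCP auth; binds client IP, server id and expiry."""
    expires = int((now if now is not None else time.time()) + TTL)
    msg = f"{client_ip}|{server_id}|{expires}".encode()
    mac = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()
    return f"{expires}.{mac}"


def admit(src_ip, server_id, token, now=None):
    """Proxy-side gate: True only for an unexpired token bound to this source."""
    try:
        expires_s, mac = token.split(".", 1)
        expires = int(expires_s)
    except ValueError:
        return False  # malformed token: drop
    if (now if now is not None else time.time()) >= expires:
        return False  # expired session: drop
    msg = f"{src_ip}|{server_id}|{expires}".encode()
    good = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, good)
```

Because the token is verified statelessly, a freshly spawned proxy can apply the gate without any session database. The gate protects the backend game server; it does not stop a volumetric flood from saturating the proxy's own uplink.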

  8. #8

    While it's an interesting idea, it is not feasible, not practical, and would not work. No one wants to play any game through a proxy. Look at Nvidia's GeForce Now. While cool, the latency it adds will kill you in an FPS game.

    https://www.nvidia.com/en-gb/geforce...s/geforce-now/

    That's just my opinion though.

  9. #9
    Client Beta Testers Appelpitje's Avatar
    Join Date
    Jan 2012
    Location
    Belgium
    Posts
    571

    Get some cloud servers with public IPs that will act as the proxy servers in front of other cloud servers with only an internal/private IP and redirect traffic through the proxy to the moh server on a server with private IP.
    Of course the moh server will have to move to those servers and are not at their old place.. There will always be a trade-off somehow.

  10. #10
    Developer Todesengel's Avatar
    Join Date
    Dec 2013
    Location
    St. Louis, Missouri, USA
    Posts
    276

    Nah. People have been trying to solve the general DDoS problem for years. No perfect solution is out there. Most of the 'solutions' out there (and thoughts above) require scaling that we are not going to get, even if we 'put it in the cloud'. At the least, we're not going to be able to manage routing tables at the level required. Specifically, trying to spread the attack surface amongst a few more machines is unlikely to help. If you have 10,000 soldiers attacking a single home, saying you'll add 5 or 10 more homes to the defense to 'spread out' those 10,000 soldiers attacking just isn't going to register on the efficacy scale.

    I think the best you are going to be able to do is mitigate it at one central point, and hope that your IP stack is up to snuff to drop offending traffic. At some point, dropping Xk pps isn't going to help, it's a flood.

    That being said, I was kicking some thoughts around in PMs with RazorRapid on Discord last night, and we came up with a few thoughts that might help in this specific situation - rather than solve the world's DDoS problems in general. I'm not going to post it here, I'll move to the private developer forum and toss those additional ideas into the mix.
    Last edited by Todesengel; November 5th, 2019 at 06:14 AM. Reason: grammar
