0

What's the most efficient way to prevent DoS attacks for game servers?

Currently I do something like this:

iptables -A INPUT -p udp --dport 27015 -m length --length 28 -j DROP

Is it the best way?

Alon Gubkin

4 Answers

1

I'm sure that will stop one type of DOS attack but to really prevent many different kinds of DOS attacks place a good security device in front of the server. I'm a fan of a Cisco ASA with the IPS module.

To prevent a DDOS attack... wow... lots of planning and good relationships with your ISPs.

Jason Berg
1

There is no way to absolutely stop a DOS attack, but what you want to do is minimise the risk of becoming a target.

Close all ports that are not related to your game server. Including making sure your game server is not PING visible.

There are also lists of IP ranges that make it possible to block entire countries (well, fairly much), such as China and Korea. You might want to look at that as an option as well.

EDIT: there are also a number of active protection systems available (not sure which ones are available for gaming servers). What they do is look for patterns of DOS activity and block traffic from those sources if they suspect a DOS attack. These can be quite effective.

hookenz
  • Might be being picky here but DoS attacks are typically from one source and so quite simple to mitigate. DDoS attacks, on the other hand, are very difficult to prevent. – James L Sep 14 '10 at 21:48
  • I think you're being picky. You only need one source IP to wreak havoc! – hookenz Sep 15 '10 at 01:12
0

Sorry, I can't comment yet, so don't evaluate this as a real answer.

Whoa! What game is this for? DoSing and DDoSing with botnets were popular bullying techniques in a game I used to play, I am sorry to say.

As far as I know, there's a limited amount you can do, because the flooding then simply happens earlier in the chain. At some point, I believe, it will become distributed enough, but that depends on how the ISP deals with this kind of thing and how sophisticated it is.

Mark C
  • Port 27015 probably a Valve-based game: Counter Strike, Team Fortress, etc. – iainlbc Sep 14 '10 at 20:18
  • Ah yes, good eye. I saw that but wasn't thinking (and I don't know server management :) ). – Mark C Sep 14 '10 at 20:22
  • Heh, I got DDoSed by one of the botnet guys because he was unhappy with something I said or did. I simply unplugged my LAN cable, but when he found out I wasn't joking about being on the university's academic network he backed off real fast. And sorry Jason, I can't vote yet. – Mark C Sep 14 '10 at 20:26
  • Yes, it's Counter-Strike: Source. – Alon Gubkin Sep 14 '10 at 20:28
0

If this is for any of the VALVe Games, set an auto IP ban for dropped connections.

I used to have mani modified to allow me to check connections constantly. It used to check if the user had disconnected within 200 milliseconds and had not actually been in game; if so, it would IP ban them as a "DoS" attack.

Matt Lima
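The dropped-connection heuristic from the last answer, sketched as an added example (not the answerer's plugin code): it flags source IPs whose sessions end within 200 ms without ever reaching the game and emits a port-27015 DROP rule for each. The event tuple format, the `MIN_HITS` threshold and all function names are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample events: (source IP, connect time s, disconnect time s, reached the game?)
SAMPLE_EVENTS = [
    ("198.51.100.7", 10.000, 10.120, False),
    ("198.51.100.7", 10.300, 10.410, False),
    ("198.51.100.7", 10.600, 10.690, False),
    ("203.0.113.20", 11.000, 11.150, False),  # a single flaky connect
    ("192.0.2.33", 12.000, 950.000, True),    # normal player
    ("192.0.2.44", 13.000, 13.100, True),     # short session, but was in game
]

MAX_SESSION_SECONDS = 0.200  # from the answer: disconnected within 200 ms
MIN_HITS = 3                 # assumption: require repeats so one bad connect is not a ban


def is_suspicious(connect, disconnect, in_game):
    """True for a session that never reached the game and ended within the window."""
    duration = disconnect - connect
    if duration < 0:  # inconsistent timestamps: do not act on them
        return False
    return not in_game and duration <= MAX_SESSION_SECONDS


def ips_to_ban(events, min_hits=MIN_HITS):
    """Return the sorted source IPs with at least min_hits suspicious sessions."""
    hits = Counter(ip for ip, c, d, g in events if is_suspicious(c, d, g))
    return sorted(ip for ip, n in hits.items() if n >= min_hits)


def ban_rules(ips, port=27015):
    """Build DROP rules as argument lists (no shell string, nothing is executed here)."""
    rules = []
    for ip in ips:
        # Log data is untrusted input: anything that is not an IP raises ValueError.
        addr = ipaddress.ip_address(ip)
        tool = "iptables" if addr.version == 4 else "ip6tables"
        rules.append([tool, "-I", "INPUT", "-s", str(addr),
                      "-p", "udp", "--dport", str(port), "-j", "DROP"])
    return rules


if __name__ == "__main__":
    for rule in ban_rules(ips_to_ban(SAMPLE_EVENTS)):
        print(" ".join(rule))
```
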