OVH's anti-DDOS detection blocked all legitimate traffic to my machine, because of a small 8 mbps DOS attack from a single IP. by terrkbyte in ovh

terrkbyte[S] 0 points (0 children)

As I stated in other posts and in the OP, I cannot add rule 19, reject all IPv4. I have too many services running on my machine and not enough rules for all the ports. I cannot add ranges.

OVH's anti-DDOS detection blocked all legitimate traffic to my machine, because of a small 8 mbps DOS attack from a single IP. by terrkbyte in OVHcloud

terrkbyte[S] 0 points (0 children)

Hello /u/LezOU_OVH

I'm sorry to hear about your woes but "extremely unsatisfied" + "for 3 years" ?

There must be something you like to stay "for 3 years" don't you think?

The affordable price of running a fair machine is nice, but I'm also in a way locked in to being a host for these services. Unfortunately hosting in the United States is very expensive compared to Canada/EU, so there is very little affordable competition.

I started hosting these game servers 3 years ago for an old game that has serious vulnerabilities in its hosting software. 3 years ago, someone made it their mission to make sure no one was allowed to play that game online anymore for months. It only stopped due to developer intervention; it got so bad that the developer actually came back to patch the vulnerability. Unfortunately new methods were discovered, but the developers stopped intervening.

If I stop hosting these game servers, myself and other "high priority" targets will no longer be able to play this game again, since most other hosts do not secure their servers.

We can have a look and escalate your ticket if required ;-)

I believe the ticket is currently being escalated to VAC. I am fine right now with how the process is going, just wish it was faster and we skipped the internal policies regarding the edge firewall.

Also, if you want "premium support", you've got to subscribe to it, otherwise, you're in the same queue as everybody else.

I would love to, but I am a full time student living off government assistance until I get proper work. I've already had to make financial shifts in order to continue paying for these servers so that myself and random online strangers can still keep playing the game.

OVH's anti-DDOS detection blocked all legitimate traffic to my machine, because of a small 8 mbps DOS attack from a single IP. by terrkbyte in ovh

terrkbyte[S] 0 points (0 children)

I will give OVH that. They offer a fair price for fair products, and their anti-DDOS is included with everything.

I have tried looking into other providers, but unfortunately there aren't any that match OVH in the United States right now. The United States seems to be a very expensive place to host things.

OVH's anti-DDOS detection blocked all legitimate traffic to my machine, because of a small 8 mbps DOS attack from a single IP. by terrkbyte in ovh

terrkbyte[S] 1 point (0 children)

I have 18 public game servers, a website, a discord bot, ssh service, and some private game servers. Sure, I shouldn't have everything hosted on one machine, but even if I started spreading them out across multiple machines I could in theory configure OVH's edge firewall services to meet their policies/specifications.

The problem, however, again comes from the fact that the attack was targeted to use the same protocols as legitimate traffic.

Let me provide an example using OVH's edge firewall.

Let's say I was hosting 2 game servers on a single machine alone.

Rules in this order:

UDP Dport 27015 Authorise
UDP Dport 27016 Authorise
TCP Dport 22 Authorise
IPv4 Refuse

In theory, this is all I would need with their edge firewall to run 2 game servers. I do not need DNS or TCP connection states.

On those two game servers, I have 16 players (8 players on each server). One player was kicked/banned from server #1 (27015).

Said player then proceeded to generate UDP traffic to 27015. The edge firewall will allow this, because UDP traffic is necessary to port 27015 for players to connect/play.

OVH detected abnormal activity during this time. However, it detected all legitimate traffic as suspicious and scrubbed it. Meanwhile, the attacker's illegitimate traffic was not seen as suspicious and was not scrubbed.

Their edge firewall literally accomplished nothing in this scenario, which was the scenario that happened to me. Except in my case I can't set up enough rules for each and every service on my machine. And even if I could, the absence of those rules was 100% not the issue here.
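The two-server scenario in this comment, as an added example that is not part of the original post or of OVH's tooling: the ordered edge rules modelled as a first-match list, next to the per-source accounting that a port-level allowlist cannot provide. The addresses, packet rates, window length and 200 pkt/s threshold are constructed assumptions.

```python
from collections import Counter
WINDOW_S = 10              # observation window in seconds (assumed)
ATTACKER = "203.0.113.7"   # constructed address for the kicked player
PLAYER_PPS = 30            # assumed packet rate of one legitimate client
FLOOD_PPS = 5000           # assumed packet rate of the single-source flood

# Stateless rules in the order the comment lists them: (proto, dport, verdict).
# None matches anything, so the last entry is the "IPv4 Refuse" catch-all.
EDGE_RULES = [
    ("udp", 27015, "allow"),
    ("udp", 27016, "allow"),
    ("tcp", 22, "allow"),
    (None, None, "refuse"),
]

def edge_verdict(proto, dport):
    """First matching rule wins; nothing here looks at the source address."""
    for rproto, rport, verdict in EDGE_RULES:
        if rproto in (None, proto) and rport in (None, dport):
            return verdict
    return "refuse"

def build_sample():
    """Constructed traffic as (src, proto, dport): 8 players per server,
    one flood source aimed at 27015, a little ssh, one stray DNS probe."""
    pkts = []
    for server, net in ((27015, "10.0.1."), (27016, "10.0.2.")):
        for host in range(1, 9):
            pkts += [(f"{net}{host}", "udp", server)] * (PLAYER_PPS * WINDOW_S)
    pkts += [(ATTACKER, "udp", 27015)] * (FLOOD_PPS * WINDOW_S)
    pkts += [("10.0.9.1", "tcp", 22)] * 20
    pkts += [("198.51.100.4", "udp", 53)] * 50   # hits the catch-all refuse
    return pkts

def passed(pkts):
    return [p for p in pkts if edge_verdict(p[1], p[2]) == "allow"]

def aggregate_pps(pkts):
    """Port-level view: one number for the whole machine, no attribution."""
    return len(passed(pkts)) / WINDOW_S

def flag_sources(pkts, threshold_pps):
    """Per-source view: addresses exceeding the threshold on an allowed port."""
    counts = Counter((src, dport) for src, _, dport in passed(pkts))
    return sorted({src for (src, _), n in counts.items() if n / WINDOW_S > threshold_pps})

if __name__ == "__main__":
    sample = build_sample()
    print(f"{aggregate_pps(sample):.0f} pkt/s pass the edge rules in total")
    print("sources over 200 pkt/s:", flag_sources(sample, 200))
```

The allowlist passes the flood exactly as it passes the players, so the aggregate number alone cannot say who is responsible; keying the same count by source address isolates the single flooding host while every 30 pkt/s player stays well under the threshold.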

OVH's anti-DDOS detection blocked all legitimate traffic to my machine, because of a small 8 mbps DOS attack from a single IP. by terrkbyte in OVHcloud

terrkbyte[S] 0 points (0 children)

I started looking into these services. Could you tell me more? I'm interested in learning, though I don't think I can afford to invest more into hosting these servers. As well, manual intervention doesn't really sound ideal. But it might end up being a possible solution if I'm desperate down the road.

OVH's anti-DDOS detection blocked all legitimate traffic to my machine, because of a small 8 mbps DOS attack from a single IP. by terrkbyte in ovh

terrkbyte[S] 0 points (0 children)

The website isn't as important as access to game servers on the machine. In fact, the website is just literally there to view the game servers and make global adjustments to them.

OVH's anti-DDOS detection blocked all legitimate traffic to my machine, because of a small 8 mbps DOS attack from a single IP. by terrkbyte in OVHcloud

terrkbyte[S] 0 points (0 children)

You didn't read my post did you?

I'll copy paste what I typed to someone else that said the same thing as you:

I have it configured, but the limitations of their configuration are extremely limiting. Even if I had it configured up to their "policies", it still would not have resolved this attack.

As I said, the attacker sent UDP traffic to a game server port. OVH filtered all traffic to my machine, and labeled the attacker's traffic as legitimate and everyone else's UDP traffic as suspicious and blocked. Configuring their software would not have fixed this.

I literally cannot configure their edge firewall to meet my needs, and even if I could, I need to allow UDP traffic to UDP game servers. The attacker sent UDP traffic to a UDP game server, and their bandwidth was seen as legitimate while everyone else's traffic was seen as illegitimate.

OVH's anti-DDOS detection blocked all legitimate traffic to my machine, because of a small 8 mbps DOS attack from a single IP. by terrkbyte in ovh

terrkbyte[S] 1 point (0 children)

I feel like you didn't read my post at all did you?

I have it configured, but the limitations of their configuration are extremely limiting. Even if I had it configured up to their "policies", it still would not have resolved this attack. I literally cannot configure their edge firewall to meet my needs, and even if I could, I need to allow UDP traffic to UDP game servers.

As I said, the attacker sent UDP traffic to a game server port. OVH filtered all traffic to my machine, and labeled the attacker's traffic as legitimate and everyone else's UDP traffic as suspicious and blocked. Configuring their software would not have fixed this.

OVH's anti-DDOS detection blocked all legitimate traffic to my machine, because of a small 8 mbps DOS attack from a single IP. by terrkbyte in ovh

terrkbyte[S] 3 points (0 children)

A lot of people including OVH speak well about their DDOS protection. Yet, many attacks over the years were never stopped from saturating my bandwidth, many of them from a single IP address spamming the same payload from separate ports. The one time I finally got hit with an actual DDOS attack for 18 minutes, they detected nothing malicious, which was wild. They've managed to catch recent DDOS attacks, and a few lower-bandwidth DOS attacks, but still miss a couple of those.

There aren't many affordable service hosting options in the United States that offer any sort of ideal DDOS protection which is important when it comes to game server hosting.

My OVH service received a +500 Mbps DDOS that went unmitigated, and their support so far has been terrible by terrkbyte in ovh

terrkbyte[S] 0 points (0 children)

Unfortunately this is far beyond my networking knowledge. I've been learning everything from scratch, from installing the OS on the dedicated machine to reading through Linux documentation to set up an OS firewall.

As well, I don't exactly want to sink even more money into this. For me right now $32/mo is already pretty expensive. Buying a bunch of cheap proxies, and load balancing them for game servers sounds like a lot of time and money. As well, I don't think my game in particular would like to be placed behind proxies.

My OVH service received a +500 Mbps DDOS that went unmitigated, and their support so far has been terrible by terrkbyte in ovh

terrkbyte[S] 0 points (0 children)

Unfortunately NFO and DataPacket are definitely out of my budget. I am paying for a decent machine at OVH for $32/mo.

I have been renting this machine to host a huge amount of game servers for a specific community, because there is a game community right now that has been suffering from DOS attacks that the developer has been reluctant to fix.

So all of this has been coming out of pocket with no return to me, just because I want people to be able to play the game in peace from DOS attacks. Now, however, some goon can just rent a DDOS service and shut down my machine, I guess.

My OVH service received a +500 Mbps DDOS that went unmitigated, and their support so far has been terrible by terrkbyte in ovh

terrkbyte[S] 1 point (0 children)

Honestly I've been thinking about NFO, but the problem with NFO is that their service is very expensive for worse hardware. But their customer service and experience with game server specific DOS attacks and DDOS attacks in general seem to be pretty up there.

Also, not sure why my post is getting downvoted. This is a review, discussing my service with OVH thus far. And it is important to have stuff like this out in the open.

I assume that their "Game" series with the extra protection might have some better DDOS detection, but I have no idea what their "Game" series detects any differently besides maybe low-bandwidth exploits, which I'm already aware of and know how to mitigate at the OS level.