Server security. Options

[Saevio]

Problem, officer?

[ziKo]

private aka passworded server are obviously not meant to be visible for public, so just make them not visible in ur searchfunction

[Saevio]

[Stupidity erased]
I'll tell you the procedure, SL

1. Scriptkiddie sees time + date of a match on gamestv.org
2. Scriptkiddie waits for this time to arrive
3. Scriptkiddie types one player's name into splatterladder
4. Scriptkiddie receives the IP from you.
5. Scriptkiddie uses his scripts and DDoSes the server. For this he does NOT need passwords, neither does he need ports. He overloads the ISP with requests.

And if you tell me to secure my server, I'm pretty sure you have no idea how DDoS works. Let's take a quote in from someone who probably knows this better than me, Krosan:

"You have to realise that you can't just install a firewall that will block ddos attacks on GSP level. You need to go a level higher to the ISP (datacenter) and have them intercept the malicious packets because the ddos affects your entire network, not just one server. Your router will crash nevertheless.

The costs to set up such a firewall on such a high level are high (the software is as good as free but it needs to be set up to intercept the right packets, and that's very costly). For GSPs the benefits simply don't outweigh the costs."

This post has been edited by Saevio: Oct 7 2010, 12:25 PM

[ziKo]

errh, dont we share the same opinion bout this case saevio?

[mazuuu]

trolled

[Saevio]

errh, dont we share the same opinion bout this case saevio?

Soz, misread it as "Simply don't give away your password!"

I'm kind of busy here :o) My explanation might help one or two retards realize what we're talking about though.

[Donut]

i feel you man

[krosan]

Basically, unless you are hosted at a data-center that specializes in ddos mitigation like Black Lotus (there are 2 or 3 others, which come immediately to mind), very few data-centers are prepared to deal with a ddos attack at the server level. Obviously, data-centers with larger pipes and more sophisticated switching, may be more tolerant of a ddos attack, but they still are not going to help you mitigate the attack in most cases.

There is no real way to prevent a ddos attack from happening, other than locate in a ddos-resistant host. Those hosts are very expensive, since serious server level ddos mitigation requires specialized technicians and equipment. Sustained attacks tend to to be costly in terms of bandwidth wasted, which also has to be paid for by the data-center, so some data-centers are rather intolerant of these problems.

In other words: it's a lot less expensive and easier to hide the IP of your server so a ddos attacker can't find it. It's my understanding that you're the only service sending getStatus requests to gameservers that aren't on the masterlist anymore. If I'm not mistaking, services such as ASE and xfire query the masterlist to get information of the server the are interested in. If I want that my server, which I host and pay for, isn't used on your list, it should be my right to have it removed.

The only thing your service should offer is a simple cvar check in the server.cfg to see whether the server wants SL to rank it or not. That should be an easy fix which would prevent us at least a part of the troubles. Yes, the attacker could find other ways to get our IP, but you wouldn't be making it pisseasy.

[Krauersaut]

And the 6th thread about the same topic. Another thread and I'll print out my answers and send them via mail.

Since I know that you'll just ignore it, please attach your address to any further post so that I could actually send the answers.

[TomDome]

I would just say your effort to stop ddos attacks is not enough.
If you know so much stuff about how to ddos - how about spending your time in searching for a real protection?

Or just post 5 years earlier...