Abusing Packets

We are being DDoS’d by someone who is asking for money and I will not do that.

He claims to be using ESSYN, which abuses connection packets, so if you block the IPs it blocks real users. And it is a high number of IPs.

I am with OVH and I have permanent mitigation on. But this attack is not being mitigated; I have been down for 2 days. I have contacted OVH and they said “it should have been mitigated, maybe add some firewall rules to help”. I have got a number of OVH firewall and Windows firewall rules on my dedicated server, but that does not seem to help.

Any ideas on how to stop this, or firewall rules that help stop this? Please post. I don’t think I am the only one having this problem.

I’ve had some experience with UDP abuse. What operating system are you running? Have you or could you generate some packet logs?

I am running Windows, and I can’t connect to my dedi. I can try to block the port and connect. Do you have Steam or somewhere I can instant message you?

I’ve PM’d you an account you can add me on.

If you don’t have anything like iptables on Linux, you’re dead in the water.

I would suggest you do a packet dump and check if it can be mitigated first, then decide if it’s worth moving your server to Linux; or if you want to stay on Windows, use ESX to run a Linux firewall and sit your Windows host on the inside of it.
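A starting point for the Linux firewall the reply above suggests, as an added example that is not code from this thread: SYN-cookie sysctls plus iptables rules that drop malformed TCP and rate-limit new connections per source. The service port and the numeric thresholds are assumed placeholders, and the rules only print by default (DRY_RUN=1) so they can be reviewed before applying as root.

```shell
#!/bin/sh
# Added example: SYN-flood hardening for a Linux host placed in front of the
# Windows box. DRY_RUN=1 (default) prints the commands; DRY_RUN=0 runs them.
DRY_RUN="${DRY_RUN:-1}"
SERVICE_PORT="${SERVICE_PORT:-8080}"   # constructed placeholder: the port under attack

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Kernel side: SYN cookies let the host answer SYNs without keeping state,
# which is the main defence when the flood's source addresses are spoofed
# (per-source limits below only help against sources that really exist).
synflood_sysctl() {
    run sysctl -w net.ipv4.tcp_syncookies=1
    run sysctl -w net.ipv4.tcp_max_syn_backlog=4096
    run sysctl -w net.ipv4.tcp_synack_retries=2
}

# iptables side: discard junk flag combinations early and cap how fast any
# one source may open new connections to the service port.
synflood_rules() {
    # a packet claiming a NEW connection must carry SYN
    run iptables -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
    # NULL and XMAS style packets are never legitimate traffic
    run iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
    run iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
    # assumed thresholds: 20 new connections/second per source, burst 40
    run iptables -A INPUT -p tcp --dport "$SERVICE_PORT" --syn \
        -m hashlimit --hashlimit-name synlimit --hashlimit-mode srcip \
        --hashlimit-above 20/second --hashlimit-burst 40 -j DROP
    # assumed cap: at most 30 concurrent connections from one /32
    run iptables -A INPUT -p tcp --dport "$SERVICE_PORT" --syn \
        -m connlimit --connlimit-above 30 --connlimit-mask 32 -j DROP
}

# Number of emitted rules that match on the SYN flag (lets a dry run be checked).
count_syn_rules() {
    synflood_rules | grep -c -- '--syn'
}
```

Apply in the order sysctl first, then rules, and confirm with `iptables -L INPUT -v -n` that counters on the DROP rules move while legitimate clients still connect.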

-snip-