DDoS Attacks & The "Abandonment" Policy

Hey guys,

I’ve been with the same dedicated server provider for about 6 months, haven’t really had any issues that couldn’t be solved through direct communication, an outage for about an hour total. So up until this point I’ve been fairly happy with my experience. I was hosting a fairly large community back in 2011 on Garry’s Mod, and nearly every time someone was banned, we would get attacked. The attacks would vary, some decently weak (90-110megabit/s) others saturating our line (1-3gigabit/s) and alerting the datacenter of the large amount of traffic. I think the best experience I had was with Steadfast in Chicago, they entered multiple ACLs to block the incoming attacks and managed to stop about 60% of the malicious traffic. (all originating from cod4 source ports, sound familiar anyone?) But it just simply wasn’t enough, the user who was launching the attacks was arrogantly posting about his success of the attacks on our community forums. After he finally became bored and left for a while, we got the next months scheduled invoice, with a nice $400 overage fee. (Due to the fact that, filtering the attack requires gathering data which can’t be done when the target address is nullrouted, the address had to stay online for a bit while the large attack was happening for the datacenter to collect any data on the incident.)

Today I requested our line speed be re-upgraded to 1000mbps so I could begin hosting multiple Garry’s Mod servers again, and the following response was received.

I guess the whole point of this rant is, where is the initiative? If we go back a couple of years, these attacks weren’t running rampant. But since they are, I think we need to evolve into a state where we can deal with these attacks. Lets face it, anyone can drop $10 into a couple cheap vpses on a 1000mbps line and pop off a perl script, and this will take down pretty much 99% of the servers on any source engine game today. I’ve spent well over $1000 with this host, from general upgrades to monthly payments, and my reponse to wanting to host a game on a machine I pay for is basically, if you get attacked, your account gets suspended.

Using that same logic, could I not go the VPS route and attack all of their customers? Are they just going to shut every one of their customers accounts down because they don’t want to filter the attacks coming from literally a handfull of IPs? It costs but a mere fraction to take down a server as it does to run one, and our only foolproof option to ddos attacks at the moment other than spending hundreds of dollars on hardware firewalls and load balancers, is nullrouting. Which isn’t technically a solution to the problem, it’s a temporary solution if you have an extremely limited amount of bandwidth. But if the user is following your community like a hawk, watching every time the servers are online just to attack again, nullrouting is the same as having the servers down from the attack.

Where/What is the solution? When do datacenters draw the line and start providing customers with reliable solutions, and stop implementing an abandonment policy if you’re attacked more than once a year?

There already were attempts to track down botnet owners and get them arrested, didn’t work out, and I doubt anyone wants to go through that drama again.

[editline]5th June 2012[/editline]

Hosters backing away from Gmod is a logical consequence since the amount of kids with access to botnets in the Gmod community is extra ordinarily high.

Therefor the only logical consequence is either getting away from gmod OR buying at a really ddos-proof host.

The nature of a DDoS attack makes it hard to eliminate the effects completely if the attack is large enough and equipment to do it is expensive.

If every network would do ingress filtering it would solve the COD4 DDoS / DNS DDoS problem but getting everyone to do that is a very hard task.

Half the problem is bloody IW who don’t give a shit about the loophole in their MW servers :\

The problem isn’t exclusive to CoD it is a bug with the Quake engine however CoD 4 is the most popular game using the engine now I think which is why people refer to it mostly by that game.

ask stan to stop developing devnull :v: (if it is him and his program (if it even exists))

I’m sure he will listen if you say please.