31.05.2014, 11:59
Quote:
Almost nothing can stop DDOSing. i added a Anti-DDOS script, it didn't worked. I applied this formula, Didn't worked.
So, i'll go wwith my opinion |
The servers network interface gets spammed with invalid requests. It keeps trying to process them and to respond to the sender, but this takes pretty long compared to the high amount of incoming new requests. So at some point the server cant process any new requests, you lost the connection to it.
So whats the most logical step? Make the network interface ignore those invalid requests. Dropping spammed packets is much faster than processing them. Suddenly, the amount of incoming data seems pretty small. "personal" dos attacks wont have a big bandwidth, and the server wont have much trouble blocking 1mbps of incoming spam packets. This will stop any effects of the attack. It just gets problematic, if the attack bandwidth gets bigger than the downstream of the server. In that case its not the network interface that causes trouble, but the network connection itself, theres just too many incoming data. A firewall cant help you in that case, it doesnt matter how many packets are dropped if the connection is still at maximum load. The common (and probably the only working) way to stop such attacks is to increase your own bandwidth, so the attack cant push it to full load. Thats what most "DDoS protection services" do, they give you some kind of a proxy server with a very strong internet connection, that filters spammed packets and just forwards the good ones to your server. Another type of that would be to cluster the server (thats what the big websites do) The server is redundant on several machines with independent internet connections, and some manager distibutes the users to all machines. Once a single machine gets attacked and becomes unreachable, the manager disables it and users are simply redirected to the other machines. As the number of independet machines practically isnt limited, this is the only way that could protect even against the biggest attacks. But unfortunately, this isnt applicable for samp.