Why is it so hard to get DDoS protection?
#21

I have had good results with OVH, what is the specific service you were using from them?
#22

OVH is a company of quality!!! The problem is that you do not know what you are doing. OVH will not protect you from ridiculous attacks; this you must do yourself.
#23

You've got to find out what your bottleneck is. When you are under attack you need to gather as much information as you can and then analyze that. Whether the internet pipe to your server is full or your CPU cracks down.

And secondly: Are you sure that SA-MP is even involved during an attack? Maybe other services running on your server are exploited to down you. For instance you should not run Apache on the same IP as your SA-MP server, Apache has a large attack vector to eat up your resources. Always get a dedicated IP which you only use for SA-MP and configure your webserver (if you have any) to go through Cloudflare and hide its real IP.
#24

Quote:
Originally Posted by Sithis
I have had good results with OVH, what is the specific service you were using from them?
Anti DDoS GAME.

Quote:
Originally Posted by Danzou
OVH is a company of quality!!! The problem is that you do not know what you are doing. OVH will not protect you from ridiculous attacks; this you must do yourself.
I know what I'm doing, really. I set up a software firewall, and I set up the GAME firewall rules correctly, and still they manage to "lag/drop connections" via some spoofed IP services, like "NTP/DNS" and other methods meant for bypassing OVH protection.

Well, I know that they are using DDoS only for SA:MP because I had Minecraft and one more SA:MP server hosted there, so when they DDoS, SA-MP instantly goes from 500 players to 120-110, killing the port easily; however, Minecraft works like a charm.
#25

Quote:
Originally Posted by DeitY
I know what I'm doing, really. I set up a software firewall, and I set up the GAME firewall rules correctly
To 'protect' against real DDoS attacks you need dedicated hardware, which is really expensive. DDoS attacks are a simple-to-execute plague, similar to blocking a store by going in with millions of people at the same time. It's hard to really do anything about it.
#26

At NFO, nullrouted in 2 hours xd

Well, I guess that's it..
#27

Quote:
Originally Posted by DeitY
I know what I'm doing, really. I set up a software firewall, and I set up the GAME firewall rules correctly, and still they manage to "lag/drop connections" via some spoofed IP services, like "NTP/DNS" and other methods meant for bypassing OVH protection.
NTP? There, I'll quote this comment from a person (whose method I've implemented and has stopped pretty much 98% of the NTP attacks)

"You can mitigate this attack by adding "restrict default nomodify nopeer noquery notrap" and "restrict -6 default nomodify nopeer noquery notrap" to your ntpd configuration, even if you're not running 4.2.7p26. Even works for public NTP servers. Those restrict lines disable monlist and other exploitable commands, but still allow time-sync traffic. Some OSes, like FreeBSD, have ntpd configured that way by default."

Plus, read this page on securing your NTP configuration.

Coming to DNS, there are a few tips that I can tell you.
  • If you use DNS software on your Linux box, make sure to configure it as tight as possible
  • Change your server's public resolvers if it's not ******'s Public DNS or OpenDNS - they have something called 'intelligent rate limiting setup' to prevent abuse
I'm baffled as to why you use DNS when you're only allocating server resources to SA:MP and nothing else.
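The restrict lines quoted in post #27, turned into a config check. This is an added example, not part of any post in the thread; the function name and both sample configs are constructed. It assumes, as the quoted advice does, that `restrict default` covers IPv4 and `restrict -6 default` covers IPv6, and it accepts `ignore` as stricter than the four quoted flags.

```python
# Added example: audit ntpd "restrict default" lines against the quoted advice.
REQUIRED = {"nomodify", "nopeer", "noquery", "notrap"}

# Constructed sample configs (hostnames and paths are placeholders).
WEAK = """\
driftfile /var/lib/ntp/drift
restrict default nomodify notrap   # queries such as monlist are still answered
restrict 127.0.0.1
server time.example.net iburst
"""
HARDENED = """\
driftfile /var/lib/ntp/drift
restrict default nomodify nopeer noquery notrap
restrict -6 default nomodify nopeer noquery notrap
restrict 127.0.0.1
server time.example.net iburst
"""

def audit_ntp_conf(text):
    """Map 'ipv4'/'ipv6' to the sorted list of flags missing from its default rule."""
    defaults = {"ipv4": [], "ipv6": []}
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()   # drop trailing comments
        if not tokens or tokens[0] != "restrict":
            continue
        args = tokens[1:]
        family = "ipv4"                          # assumption: bare "default" = IPv4
        if args and args[0] in ("-4", "-6"):
            family = "ipv6" if args[0] == "-6" else "ipv4"
            args = args[1:]
        if args and args[0] == "default":        # per-address rules are out of scope
            defaults[family].append(set(args[1:]))
    report = {}
    for family, rules in defaults.items():
        if not rules:
            report[family] = ["<no restrict default line>"]
            continue
        missing = set()
        for flags in rules:                      # conservative: every line must comply
            if "ignore" not in flags:            # "ignore" drops all packets
                missing |= REQUIRED - flags
        report[family] = sorted(missing)
    return report

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_ntp_conf(conf))
```

An empty list for both families means every default rule carries the four flags from the quote; anything else names what to add before restarting ntpd.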
#28

Quote:
Originally Posted by Sublime
NTP? There, I'll quote this comment from a person (whose method I've implemented and has stopped pretty much 98% of the NTP attacks)

"You can mitigate this attack by adding "restrict default nomodify nopeer noquery notrap" and "restrict -6 default nomodify nopeer noquery notrap" to your ntpd configuration, even if you're not running 4.2.7p26. Even works for public NTP servers. Those restrict lines disable monlist and other exploitable commands, but still allow time-sync traffic. Some OSes, like FreeBSD, have ntpd configured that way by default."

Plus, read this page on securing your NTP configuration.

Coming to DNS, there are a few tips that I can tell you.
  • If you use DNS software on your Linux box, make sure to configure it as tight as possible
  • Change your server's public resolvers if it's not ******'s Public DNS or OpenDNS - they have something called 'intelligent rate limiting setup' to prevent abuse
I'm baffled as to why you use DNS when you're only allocating server resources to SA:MP and nothing else.
Yes, I know that, I blocked EVERY SINGLE port on dedicated, and still they manage to somehow down it.

However, what i have noticed now is something unexplainable:

When I get a TCP dump from the machine DIRECTLY, there is not a SINGLE bit of bad traffic, but when I record with my Ethernet capture, I have noticed some weird crap.. ( http://prntscr.com/9r6r4w http://prntscr.com/9r6rh4 )

I can't even figure out how this is possible, the spoofed IP addresses don't even reach the server but manage somehow to drop people from SA:MP. LOL..

I'd just say maybe some new SA:MP exploit, as the server doesn't see any malicious traffic. I have even sent a thousand TCP dumps to OVH and still they say not a single problem is there..
#29

Quote:
Originally Posted by DeitY
Yes, I know that, I blocked EVERY SINGLE port on dedicated, and still they manage to somehow down it.

However, what I have noticed now is something unexplainable:

When I get a TCP dump from the machine DIRECTLY, there is not a SINGLE bit of bad traffic, but when I record with my Ethernet capture, I have noticed some weird crap.. ( http://prntscr.com/9r6r4w http://prntscr.com/9r6rh4 )

I can't even figure out how this is possible, the spoofed IP addresses don't even reach the server but manage somehow to drop people from SA:MP. LOL..

I'd just say maybe some new SA:MP exploit, as the server doesn't see any malicious traffic. I have even sent a thousand TCP dumps to OVH and still they say not a single problem is there..
If it directly affects the SA:MP server without touching the Linux box, then I believe it to be directly attacking the network layer of SA:MP. Did you add a rule to reject all malformed/invalid packets?

Does SA:MP use the GVSP protocol?
#30

NFO won't work for the kind of protection we need; only the developer can solve this kind of problem.