DDOS Attacks on Servers

Request DDRaceNetwork-related help with the website, server or client.
Please read the reported issues (https://github.com/ddnet/ddnet/issues).
Post Reply
bota
Posts: 2
Joined: Sat Aug 13, 2022 11:44 pm
Location: Germany
Player profile: https://ddnet.tw/players/Bota/
Discord: ALEX#0006

DDOS Attacks on Servers

Post by bota »

Hi there,
I really like the Community here. This community has a lot of servers + players, which is impressive considering it's totally free.
It's very sad that the server is experiencing a lot of DDoS attacks. In the Discord channel #bot-cmds there are a lot of DDoS statuses. My assumption why the server is getting attacked is simple: competition. If this network has problems over a long period of time, the people will go somewhere else. I've experienced successful attacks, where afterwards no one was playing anymore on most DDnet servers.

I've read in another post that it's hard to determine the attacker's network traffic. That's probably why VPNs are not allowed. Enough talking, there are multiple (possible) solutions:

Costly solutions:
- Move to the Cloud. Most cloud providers offer effective DDoS protection. Example: Microsoft Servers. Attacking them is not very smart and not effective. They have servers that won't go down easily. Also: If the attackers get caught, they will have other problems than competition.
- DDoS protection via SLA (Service Level Agreement). When doing an SLA, Companies have will hold their promises. This is VERY Costly, but also effective depending on the SLA contract.
- Pay a company to figure out the problem. Companies have capacities. Paying a company to research network traffic can be useful for finding the source of the problem.
- Pay a company to attack the community servers. This sounds ridiculous, but the company can create a detailed report with all weaknesses.
- Distribute Servers (if haven't already). Attacking multiple targets is a lot harder.
(- A DNS for the servers instead of an IP-Address.)

Less costly solutions:
- Introducing accounts, with credentials, to be able to play on DDNet. It is not famous and also costs money. But authenticating is a great way to ensure that most people are customers. This solution will help go the right way, but it will not fix the attacks. It's sometimes impressive how creative attackers can get to gather stuff.
- Limit all kind of requests (if haven't already). If the attack does not come from a botnet, this will help.
- A not-so-nice solution is geo-blocking. There is no guaranty that it will work, and it is very imprecise. There are specific locations where lots of DDoS attacks are launched from. This can possibly kill a good amount of the player-base.
- Start blocking IP-Lists from the internet. This may be a bit problematic, since it can happen that someone's IP-Address may get blocked by accident. But restarting the internet router will fix the problem in most cases. By restarting the router, you get a new IP-Address from the Internet provider.

I've sat down a few hours thinking and writing this post. All of this are assumptions and ideas to improve the situation. I'm a website-application-developer apprentice and know a tiny bit about network stuff.

During googling, I've found this open source tool: https://www.haproxy.org/. I've no idea if it's suitable here, but it's worth taking a looking at it. I'm sorry in advance for my horrible grammar.

I hope this helps a tiny bit, cheers!
Image
User avatar
deen
TECHNICAL Team
Posts: 3497
Joined: Mon May 05, 2014 2:30 pm
Player profile: https://ddnet.tw/players/deen/
Discord: deen#5910

Re: DDOS Attacks on Servers

Post by deen »

Hi bota,

Thanks for trying to help. See https://hookrace.net/blog/dos-attacks-a ... line-game/ and https://hookrace.net/blog/dos-attacks-update/ for some of what we have tried already, which covers some of your suggestions.
Move to the Cloud. Most cloud providers offer effective DDoS protection. Example: Microsoft Servers. Attacking them is not very smart and not effective. They have servers that won't go down easily. Also: If the attackers get caught, they will have other problems than competition.
They usually only protect HTTP(s), while DDNet is UDP-based.
DDoS protection via SLA (Service Level Agreement). When doing an SLA, Companies have will hold their promises. This is VERY Costly, but also effective depending on the SLA contract.
There is probably no provider available in all our locations and this would cost 5000 € / location / month, which is outside of my budget.
Pay a company to figure out the problem. Companies have capacities. Paying a company to research network traffic can be useful for finding the source of the problem.
See above.
Pay a company to attack the community servers. This sounds ridiculous, but the company can create a detailed report with all weaknesses.
We know the weaknesses. This would also be illegal because it doesn't just hurt us, but everyone at our hosters, which is why hosters regularly kick us out.
Distribute Servers (if haven't already). Attacking multiple targets is a lot harder.
Not so hard. DDoS server 1 for 5 minutes, everyone dead, repeat for server 2 and so on.
A DNS for the servers instead of an IP-Address.)
How does this help?
Introducing accounts, with credentials, to be able to play on DDNet. It is not famous and also costs money. But authenticating is a great way to ensure that most people are customers. This solution will help go the right way, but it will not fix the attacks. It's sometimes impressive how creative attackers can get to gather stuff.
This doesn't help and we don't want DDNet to cost money, it would exclude most of our player base.
Limit all kind of requests (if haven't already). If the attack does not come from a botnet, this will help.
This does not help against spoofed attacks from millions of different IPs. This does not help with overloaded network.
A not-so-nice solution is geo-blocking. There is no guaranty that it will work, and it is very imprecise. There are specific locations where lots of DDoS attacks are launched from. This can possibly kill a good amount of the player-base.
This would have to be done at hoster level, not at our level. Cheap hosters that we have to use don't provide an API for that.
Start blocking IP-Lists from the internet. This may be a bit problematic, since it can happen that someone's IP-Address may get blocked by accident. But restarting the internet router will fix the problem in most cases. By restarting the router, you get a new IP-Address from the Internet provider.
See above.
During googling, I've found this open source tool: https://www.haproxy.org/. I've no idea if it's suitable here, but it's worth taking a looking at it. I'm sorry in advance for my horrible grammar.
Not UDP-related, but a proxy is the direction we plan to take.
bota
Posts: 2
Joined: Sat Aug 13, 2022 11:44 pm
Location: Germany
Player profile: https://ddnet.tw/players/Bota/
Discord: ALEX#0006

Re: DDOS Attacks on Servers

Post by bota »

Hi deen,
I've read the two articles and the situation is very sad. It's good to know that everything is being considered. That shows how urgent the Situation gets handled from you.
Move to the Cloud. Most cloud providers offer effective DDoS protection. Example: Microsoft Servers. Attacking them is not very smart and not effective. They have servers that won't go down easily. Also: If the attackers get caught, they will have other problems than competition.
They usually only protect HTTP(s), while DDNet is UDP-based.
I've found an article from Microsoft Azure: https://docs.microsoft.com/en-us/azure/ ... n-overview. They mention UDP in the article. They also have an Machine learning which could solve things over time. Once they fixed the problem, they will be more than happy to have an another, permanent, customer.

Their prices are in my opinion very reasonable. Don't understand me wrong; I don't want to sell you something, or promote Microsoft. But they have some really impressive stuff in general, even though I don't like them.

An option could be thinking about using another protocol then UDP, but I bet that's definitely not an option :)

Other than that I am a bit speechless and will leave it here. I wish you and the community the best of luck for the future.
Image
User avatar
deen
TECHNICAL Team
Posts: 3497
Joined: Mon May 05, 2014 2:30 pm
Player profile: https://ddnet.tw/players/deen/
Discord: deen#5910

Re: DDOS Attacks on Servers

Post by deen »

Outbound traffic is at 0.08 USD / GB. So we would pay hundreds of USD just for bandwidth. Cloud providers are definitely too expensive and have too many hidden costs.
Post Reply

Who is online

Users browsing this forum: Google [Bot] and 3 guests