DDoS Protection

Discussion in 'Systems Administration' started by Arjan, Nov 25, 2015.

  1. Hello,

    I was wondering if there is a possibility to turn a VPS or Dedicated Server into something that can (at least partially) 'receive' the DDoS attacks that would be targeting my Minecraft server. By this I mean that DDoS attacks launched on my server will be mitigated using the VPS/Dedicated Server.

    - Arjan
     
  2. I got my bungee running at OVH & add my home hosted dedi to it, I tried getting the IP (of home hosted) using wireshark, no success.
     
  3. Oh well. I was hoping that I could somehow turn the hardware I had into something useful rather than having to pay hundreds of dollars to get protection.
     
  4. MikeA

    MikeA Retired Moderator
    Retired Benefactor

    If you're paying hundreds of dollars for DDoS protection you're not looking in the right places. A few years ago it cost a lot, now there's plenty of cheap providers that can handle them.
     
    • Agree Agree x 1
  5. Alright but that's not my main point right now. I'm looking to see if there is any way to turn a VPS into a server that can mitigate DDoS attacks. Not because I'm low on funds or anything but just because I'd like to have full control over everything and also because I like to know how it all works.
     
  6. MikeA

    MikeA Retired Moderator
    Retired Benefactor

    Is a GRE tunnel what you're talking about?
     
  7. Perhaps using BungeeCord on the dedicated server could help? It acts a reverse proxy and can do connection analysis by itself independent of the minecraft server. Just make sure nobody finds out the IP of the backend minecraft server.
     
  8. Thanks for the replies. I'll have a look.
     
  9. It'd still be susceptible to DDoS attacks.
     
  10. Well if you put it that way, everything is susceptible to DDoS attacks no matter what you do.

    Note that I'm just answering OP's question:
    And BungeeCord is one method of doing so.
     
  11. Yes, but you could use the VPS or dedicated server to actually filter the attacks instead of proxy them. The protection brought about by a Bungee server would be negligible.
     
  12. It would filter non legitament packets. They would not go to the backend
     
  13. That doesn't matter. If the Bungee goes down, the server itself might as well be down.
     
  14. Using BungeeCord (or a reverse proxy) is part of your solution anyway.

    That's what I was suggesting too. You could use a BungeeCord plugin to detect DDoS attacks and block them, or better yet integrate it with iptables and block them at an OS level.

    This is the closest answer that you can get with using a VPS as DDoS mitigation without using the unhelpful excuse that anything can be DDoS'd anyway. An attempt at protection is better than no protection at all in my opinion.