Lenox

Withstanding a DoS attack?

I was wondering, what are some methods to withstand a DoS attack? I've heard about DoS attacks crashing many many servers for ORPGs and even MMORPGs, and would like to prevent this with the ORPG I am designing. I figure that I'd get this out of the way before I finish designing the networking portion. Thanks for any help in advance, --Lenox

Your server management software should give you the core files from the crashes, and alert you that something is wrong. Analyze why you're crashing, and where, and you'll quickly find what the bad network data is, and fix that bug in your software.

If the DOS is a bandwidth denial attack, then being co-located in a "big fat" datacenter will help withstand that, but if the DOS is a DDOS and keeps up for a long time, the bandwidth bill might start being trouble. Getting a large DDOS going is pretty hard, though (what with all the worms you need to deploy, etc), so usually games companies won't be the targets.

Ah, so a DoS attack really just exploits bugs in your software to crash servers? Wouldn't it be legal to DoS your own servers to test for software bugs that can be exploited?

A DoS attack is anything that hurts your server's ability to do its work. Crashing it is only one example. Another might be posting eleventy billion requests for something that is only supposed to be used once in a while because it takes a lot of CPU and/or other resources to complete - it's not a bug per se but it's definitely detrimental.

You can do anything you want to your own servers. Although if you are trying to DoS by sucking up bandwidth your ISP might complain.

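An added example (not part of the thread) of one defence against the expensive-request case described in the post above: a per-client token bucket in which each request type spends tokens in proportion to its server-side cost. The request names, costs and bucket sizes are assumptions chosen for illustration.

```python
import time

# Hypothetical request types and relative server-side costs (assumed values).
COSTS = {"move": 0.1, "chat": 0.5, "leaderboard_query": 8.0}

class CostLimiter:
    """Per-client token bucket: a request is served only if the client
    still has enough tokens to pay for that request's cost."""

    def __init__(self, capacity=10.0, refill_per_sec=1.0, clock=time.monotonic):
        self.capacity = capacity
        self.refill = refill_per_sec
        self.clock = clock          # injectable so the demo can control time
        self.buckets = {}           # client id -> (tokens, last update time)

    def allow(self, client, cost):
        now = self.clock()
        tokens, last = self.buckets.get(client, (self.capacity, now))
        # Refill for the elapsed time, never above capacity.
        tokens = min(self.capacity, tokens + (now - last) * self.refill)
        allowed = tokens >= cost
        if allowed:
            tokens -= cost
        self.buckets[client] = (tokens, now)
        return allowed

def simulate():
    """Constructed traffic: one client repeats the expensive query."""
    t = [0.0]
    lim = CostLimiter(clock=lambda: t[0])
    heavy, light = COSTS["leaderboard_query"], COSTS["move"]
    out = [
        lim.allow("192.0.2.5", heavy),     # first expensive call is served
        lim.allow("192.0.2.5", heavy),     # immediate repeat is refused
        lim.allow("192.0.2.5", light),     # cheap gameplay traffic still works
        lim.allow("198.51.100.9", heavy),  # other clients are unaffected
    ]
    t[0] = 7.0                             # seven seconds of refill later
    out.append(lim.allow("192.0.2.5", heavy))
    return out

if __name__ == "__main__":
    print(simulate())
```

In a real server the bucket table itself needs a size bound or idle eviction, otherwise a flood of distinct client ids turns the limiter into its own memory-exhaustion target.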
Hardware-implemented SYN cookies help, but to completely avoid it you need bandwidth.

Quote:
Original post by hplus0603
Your server management software should give you the core files from the crashes, and alert you that something is wrong. Analyze why you're crashing, and where, and you'll quickly find what the bad network data is, and fix that bug in your software.

If the DOS is a bandwidth denial attack, then being co-located in a "big fat" datacenter will help withstand that, but if the DOS is a DDOS and keeps up for a long time, the bandwidth bill might start being trouble. Getting a large DDOS going is pretty hard, though (what with all the worms you need to deploy, etc), so usually games companies won't be the targets.


There is also a DoS called a DRDoS (Distributed Reflection Denial of Service) which sounds a bit easier to do (The page here describes a DRDoS attack).

Guest Anonymous Poster
DoS is denial of service, basically do whatever to kill the server's bandwidth.

A DDoS is a distributed DoS, basically infecting 1000s of slave PCs to launch DoS attacks crushing your bandwidth.

Slave PCs are usually like PCs belonging to morons who never have antivirus and spread such nightmares without realizing what they are doing.

When it comes down to it, if they get you with a big enough DDoS there is nowhere to run; your server will be bombarded by 1000s if not millions of connection requests from slave PCs running a DoS client (usually a worm).

Good tip... don't make enemies... lol

Basically, as soon as you see a pattern in the connections that are sending you bad data, just immediately drop the connection. This will help against a lot of DOS attacks, as they are usually primitive attacks, created by people without much creativity. You can also blacklist the IP address you are getting the attack from for a certain period of time (i.e. 2 days). This way, new users can still join, and you won't be continuously dropping connections.

Also, make sure you have some failover capabilities in case they take out a machine or two.

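An added example (not part of the thread) of the drop-and-temporarily-blacklist approach from the post above: a frame validator that drops malformed input and bans the sender for two days, after which the ban expires on its own. The frame layout (2-byte big-endian length followed by the payload), the 512-byte limit and all names are assumptions for illustration.

```python
import struct
import time

BAN_SECONDS = 2 * 24 * 3600    # the two-day ban period mentioned in the post
MAX_PAYLOAD = 512              # assumed protocol limit for one frame

class TempBlocklist:
    """IP bans that lapse automatically, so the address can rejoin later."""

    def __init__(self, clock=time.time):
        self.clock = clock             # injectable so the demo can control time
        self.banned_until = {}         # ip -> expiry timestamp

    def ban(self, ip):
        self.banned_until[ip] = self.clock() + BAN_SECONDS

    def is_blocked(self, ip):
        until = self.banned_until.get(ip)
        if until is None:
            return False
        if self.clock() >= until:
            del self.banned_until[ip]  # ban expired, forget the entry
            return False
        return True

def parse_frame(data):
    """Return the payload, or None when the frame violates the protocol."""
    if len(data) < 2:
        return None
    (length,) = struct.unpack("!H", data[:2])
    if length == 0 or length > MAX_PAYLOAD or len(data) - 2 != length:
        return None
    return data[2:]

def handle(blocklist, ip, data):
    if blocklist.is_blocked(ip):
        return "refused"               # reject before doing any parsing work
    if parse_frame(data) is None:
        blocklist.ban(ip)              # bad data: drop and ban the sender
        return "dropped"
    return "accepted"

def demo():
    """Constructed frames and documentation-range addresses."""
    now = [1000.0]
    bl = TempBlocklist(clock=lambda: now[0])
    good = struct.pack("!H", 5) + b"hello"
    bad = struct.pack("!H", 60000) + b"x"      # claims far more than it sends
    a, b = "192.0.2.7", "198.51.100.3"
    out = [handle(bl, a, good), handle(bl, a, bad),
           handle(bl, a, good), handle(bl, b, good)]
    now[0] += BAN_SECONDS                      # two days later
    out.append(handle(bl, a, good))
    return out
```

Banning by source address only makes sense once the address is confirmed, for example after a completed TCP handshake; on a connectionless protocol a spoofed sender could otherwise get a legitimate player banned.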
The most likely type of DoS would be some sort of connection spam. If you use TCP, it will be impossible to connection spam you with spoofed IPs. Therefore, you will then just be able to block those IPs and the connection spam will be gone.

However, a more annoying type is bandwidth flooding, which you can do very little about. An adversary with a sufficiently large number of zombies all pumping out legitimate-looking spoofed packets at their maximum upstream bandwidth will flood your server.

But an attacker can't keep that up forever, so the trick is to give them a tricky target - I believe the usual trick is to periodically move the public IP addresses of your servers, and have them routed by some VPN to their true locations.

Datacentres can be set up in different locations with redundant boxes, VPN'd. If the attackers don't know the IP location of your true servers, they can't bandwidth flood them, they'll just be bandwidth flooding some colo centre somewhere (which is unlikely to make your datacentre provider very happy; they might pull the plug on you if the problem persists) - but you can then just move the public IPs elsewhere.

The clients could use DNS to find the server, and you'd periodically move it. The flooders would then need to either keep retargeting their zombies, or code a custom zombie to use your DNS system to automatically retarget.

You could even code some kind of complicated algorithm into the client for choosing which DNS name to use for the true server based on time / location. Flooders would have to try to replicate that.

I think it all boils down to how much money you have to spend, and how determined the attackers are.

If you aren't running a payment service provider or online gambling site, I wouldn't worry about it too much.

Syncookies (whether implemented in hardware or software) will prevent syn flooding from spoofed IPs, and you can block non-spoofed IPs.

Mark
