
Game server DoS / DDoS mitigation strategies?



In general DDoS needs to be handled at the network level. Normally I'd not worry about it as a programmer, and let my operations engineers / network providers worry about it.

 

A normal "flood" of too much traffic for your upstream bandwidth can be conducted by almost anyone with enough money. It is very difficult to defend against this using a "normal" unicast single-point-of-presence IPv4 routing scheme. This normally only affects "real money" games, i.e. gambling, who are heavily attacked for extortion purposes. A flood attack doesn't even need to establish connections; they can just send random, spoofed-source TCP packets with otherwise valid port numbers, flags, etc., so you can't block (all of) them with simple firewall rules upstream.

 

The "solution" normally involves using IPv4 "anycast", which can only be done by a peering company (i.e. one with an ASN and who uses BGP routing) - so if your own network operations team cannot do peering, then you need to partner with a network provider who can. A network provider will add some kind of proxy in front of your service, which will run on an Anycast IP address and forward "clean" traffic to your own backend servers over a VPN (or similar).

 

I can't imagine that any non-gambling amateur game would attract the kind of attention which would make someone want to do a DDoS attack.



A normal "flood" of too much traffic for your upstream bandwidth can be conducted by almost anyone with enough money. It is very difficult to defend against this using a "normal" unicast single-point-of-presence IPv4 routing scheme. This normally only affects "real money" games, i.e. gambling, who are heavily attacked for extortion purposes. A flood attack doesn't even need to establish connections; they can just send random, spoofed-source TCP packets with otherwise valid port numbers, flags, etc., so you can't block (all of) them with simple firewall rules upstream.

 

Mmmm yeah, I know of extortion attempts on several gaming sites and providers (casino and poker). For my service I'm not going to spend too much time on preventing DDoS, but obviously it needs to be able to survive a coordinated attack from a few computers (more of a DoS than DDoS scenario).

 

I hope to at least add fundamental countermeasures, creating a framework on which one could then build additional protection if it would be necessary at some time in the future.
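The "survive a few computers" case above is the one a per-source limit in the game server itself can actually handle, and the earlier reply explains why it does nothing against a spoofed-source flood (every forged address looks like a fresh, well-behaved client). Below is an added example of that basic countermeasure, written for this thread rather than taken from the poster's server: a token bucket per source address with bounded memory, run over constructed traffic from one legitimate player and one abusive host. The addresses, rates and the 20 packets/s and 40-packet burst limits are assumed values chosen for the demonstration.

```python
import time
from collections import OrderedDict


class SourceRateLimiter:
    """Per-source token bucket. Every source address may send `rate` packets
    per second sustained, with bursts of up to `burst` packets. At most
    `max_sources` addresses are tracked (least recently seen is evicted) so
    the limiter's own memory stays bounded when many new sources appear."""

    def __init__(self, rate, burst, max_sources=10000):
        self.rate = float(rate)
        self.burst = float(burst)
        self.max_sources = max_sources
        self.buckets = OrderedDict()  # addr -> [tokens, last_refill_time]

    def allow(self, addr, now=None):
        """Return True if a packet from `addr` may be processed, False to drop it."""
        now = time.monotonic() if now is None else now
        entry = self.buckets.get(addr)
        if entry is None:
            if len(self.buckets) >= self.max_sources:
                self.buckets.popitem(last=False)  # evict least recently seen
            entry = [self.burst, now]
            self.buckets[addr] = entry
        else:
            self.buckets.move_to_end(addr)
            tokens, last = entry
            entry[0] = min(self.burst, tokens + (now - last) * self.rate)
            entry[1] = now
        if entry[0] >= 1.0:
            entry[0] -= 1.0
            return True
        return False


def run_traffic(limiter, packets):
    """Feed (timestamp, source) pairs through the limiter in time order and
    return {source: (accepted, dropped)}."""
    stats = {}
    for ts, src in sorted(packets):
        acc, drop = stats.get(src, (0, 0))
        if limiter.allow(src, now=ts):
            acc += 1
        else:
            drop += 1
        stats[src] = (acc, drop)
    return stats


def constructed_traffic():
    """Constructed sample (not a real capture): one legitimate player at
    10 packets/s for 5 s and one abusive host at 1000 packets/s for the same
    5 s. Timestamps are in seconds, addresses are documentation ranges."""
    player = [(i / 10, "198.51.100.7") for i in range(50)]
    attacker = [(i / 1000, "203.0.113.9") for i in range(5000)]
    return player + attacker


if __name__ == "__main__":
    lim = SourceRateLimiter(rate=20, burst=40)
    for src, (acc, drop) in run_traffic(lim, constructed_traffic()).items():
        print(f"{src}: accepted={acc} dropped={drop}")
```

The player's bucket refills faster than it drains, so none of its packets are dropped, while the abusive host gets its initial burst and then roughly the sustained rate; the two buckets never interact. The eviction bound is the part that matters for the DoS case: without it the limiter's table itself becomes the thing an attacker fills up.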


 


I've dug deep into cryptography to design a protocol which I feel fairly confident in. Mostly because it's basically an implementation combining two well known protocols. Still, I know it's a risk.

 

No.

 

Don't do this.

 

Seriously, this is a bad idea.

 

Either use a well known cryptographic solution, which has been subject to peer review, or, if you are a cryptographer, and you see a need for a new approach, publish a paper on it, and if the paper holds up after a few years, then use it.

 

But rolling your own cryptography almost inevitably leads to a much much worse outcome than using something that has actually been subject to peer review.



Seriously, this is a bad idea.
 
Either use a well known cryptographic solution, which has been subject to peer review, or, if you are a cryptographer, and you see a need for a new approach, publish a paper on it, and if the paper holds up after a few years, then use it.

 

I'm wondering if you read what you quoted?

 

In particular, the login server uses a SIGMA-R implementation and the game/lobby servers use a Kerberos-type ticket retrieved from the login server. So, except for potential errors in the implementations of these protocols, the weakness of the scheme should simply be that of the two protocols mentioned.

 

(The modifications I've made are: a) the standard SIGMA-R described uses two-way authentication, I only need to authenticate the server b) the login on the TGS (my login server) isn't using symmetric keys as in Kerberos standard, since user authentication isn't necessary)

 

Of course, there is also the selection of encryption/authentication/signature primitives. And here I've tried to follow NIST recommendations as far as possible.

 

Naturally, I've tried to get as much feedback as possible on my particular selections and reductions.

 

So, is this wholly safe? - No, that would be foolish to believe.

 

Is it a worthwhile trade-off for the flexibility it allows me, compared to the possible loss when someone breaks the protocol? - Yes, I think so in my particular case.
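To make the "Kerberos-type ticket" half of the design above concrete, here is an added example (written for this thread, not the poster's code, and not covering the SIGMA-R login exchange itself): a login server that shares a long-term key with a game server issues a ticket whose fields are all public (client id, expiry, fresh nonce) plus an HMAC tag, and the per-session key is derived from those same fields under the shared key. That way the game server can recompute the session key and nothing secret has to be encrypted into the ticket; the client gets its copy over the already-authenticated login channel. The game server also rejects expired and replayed tickets and then challenges the client to prove it holds the key. Key sizes, the 300 s lifetime, the domain-separation labels and the client ids are assumptions for the demonstration; it uses only the standard library.

```python
import hashlib
import hmac
import secrets
import struct

TAG_LEN = 32    # HMAC-SHA256 output length
NONCE_LEN = 16


def issue_ticket(shared_key, client_id, now, lifetime=300):
    """Login server side. Ticket = len(cid) || cid || expiry || nonce || tag.
    The session key is derived from the same body under the same shared key
    (with a different label) rather than being carried inside the ticket."""
    cid = client_id.encode("utf-8")
    body = (struct.pack(">H", len(cid)) + cid
            + struct.pack(">Q", now + lifetime) + secrets.token_bytes(NONCE_LEN))
    tag = hmac.new(shared_key, b"ticket|" + body, hashlib.sha256).digest()
    session_key = hmac.new(shared_key, b"session|" + body, hashlib.sha256).digest()
    return body + tag, session_key


class GameServer:
    """Game/lobby server side: verifies tickets, rejects replays, then
    challenges the client to prove it holds the derived session key."""

    def __init__(self, shared_key):
        self.shared_key = shared_key
        self.seen_nonces = {}   # nonce -> expiry; pruned as tickets expire

    def _prune(self, now):
        self.seen_nonces = {n: e for n, e in self.seen_nonces.items() if e > now}

    def redeem_ticket(self, ticket, now):
        """Return (client_id, session_key) for a valid, unexpired, unreplayed
        ticket, else None. The tag is checked before any field is parsed."""
        if len(ticket) < 2 + 8 + NONCE_LEN + TAG_LEN:
            return None
        body, tag = ticket[:-TAG_LEN], ticket[-TAG_LEN:]
        expected = hmac.new(self.shared_key, b"ticket|" + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None
        n = struct.unpack(">H", body[:2])[0]
        if len(body) != 2 + n + 8 + NONCE_LEN:
            return None
        client_id = body[2:2 + n].decode("utf-8")
        expiry = struct.unpack(">Q", body[2 + n:2 + n + 8])[0]
        nonce = body[2 + n + 8:]
        self._prune(now)
        if now >= expiry or nonce in self.seen_nonces:
            return None
        self.seen_nonces[nonce] = expiry
        session_key = hmac.new(self.shared_key, b"session|" + body, hashlib.sha256).digest()
        return client_id, session_key

    @staticmethod
    def challenge():
        """Fresh random challenge so a captured response cannot be replayed."""
        return secrets.token_bytes(NONCE_LEN)

    @staticmethod
    def check_response(session_key, challenge, response):
        """Verify the client's MAC over the server's challenge."""
        expected = hmac.new(session_key, b"auth|" + challenge, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)


def client_respond(session_key, challenge):
    """Client side: prove possession of the session key without revealing it."""
    return hmac.new(session_key, b"auth|" + challenge, hashlib.sha256).digest()


if __name__ == "__main__":
    key = secrets.token_bytes(32)          # long-term login<->game server key
    game = GameServer(key)
    ticket, client_key = issue_ticket(key, "alice", now=1000)
    client_id, server_key = game.redeem_ticket(ticket, now=1100)
    ch = game.challenge()
    print(client_id, server_key == client_key,
          game.check_response(server_key, ch, client_respond(client_key, ch)))
```

Because the tag and the key derivation are bound to one shared key, a ticket issued for one game server is simply invalid at another, and the nonce bookkeeping is bounded by the ticket lifetime. This is the kind of behaviour worth checking in your own implementation regardless of which primitives you picked: a tampered byte anywhere, a stale expiry, or a second redemption of the same ticket must all fail closed.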

Wow, I'm away a few days, and this thread migrates from "DDoS prevention" to general hack prevention. Both are important, but they are very different :-)

To answer a question aimed at me:

What would I gain by filtering but my game port? Assuming I have a firewall closing everything else, what would they get by bombarding other ports, as opposed to simply the game port?


Many attack tools use amplification vectors such as DNS, VoIP, or media streams to flood the network. Those tools do not have the option of specifying the port to attack -- it'll be whatever port the amplifying vector uses.

If your upstream provider can know that, no, your servers will never make public DNS requests (because you run DNS over a VPN to somewhere else) and your servers will never take part in a VoIP or media stream, then the network link will never get saturated by that traffic.
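The point above is that reflected traffic arrives on whatever port the amplifying service uses, not your game port, and it is only filterable if whoever does the filtering knows your hosts never solicited it. The following added example (written for this thread, not from the poster) models that rule at host level: admit inbound UDP only if it is addressed to the game port or is a reply to a request this host recently sent, drop and tally everything else by remote source port. The game port, the 30 s flow timeout, the reflector port labels and the replayed packet list are all constructed for the demonstration; the real enforcement point would normally be the upstream provider's filter, as the post says.

```python
from collections import Counter

# Labels for well-known UDP services that commonly appear as reflectors;
# used only to annotate the report, not to make the filtering decision.
REFLECTOR_SERVICES = {53: "DNS", 123: "NTP", 1900: "SSDP", 5060: "SIP"}


class UnsolicitedUdpFilter:
    """Admit inbound UDP only if it is (a) addressed to the game port or
    (b) a reply to a request this host sent within `flow_timeout` seconds.
    Everything else is dropped and tallied by remote source port, which is
    how an amplification flood looks from the receiving side."""

    def __init__(self, game_port, flow_timeout=30.0):
        self.game_port = game_port
        self.flow_timeout = flow_timeout
        self.flows = {}   # (remote_ip, remote_port, local_port) -> last outbound time
        self.dropped_by_port = Counter()

    def outbound(self, local_port, remote_ip, remote_port, now):
        """Record a request this host sent so that its reply is admitted."""
        self.flows[(remote_ip, remote_port, local_port)] = now

    def inbound(self, remote_ip, remote_port, local_port, now):
        """Return True to admit the datagram, False to drop it."""
        if local_port == self.game_port:
            return True
        last = self.flows.get((remote_ip, remote_port, local_port))
        if last is not None and 0 <= now - last <= self.flow_timeout:
            return True
        self.dropped_by_port[remote_port] += 1
        return False

    def report(self):
        """(remote_port, service_label, dropped_count), most dropped first."""
        return [(p, REFLECTOR_SERVICES.get(p, "other"), n)
                for p, n in self.dropped_by_port.most_common()]


def replay_constructed_capture(game_port=27015):
    """Constructed sample (not a real capture) of what a game host sees over
    a few seconds: its own DNS lookup and the reply, two player packets, then
    unsolicited DNS/NTP/SSDP 'responses' from addresses it never contacted."""
    f = UnsolicitedUdpFilter(game_port)
    f.outbound(40000, "192.0.2.53", 53, now=0.0)     # our own resolver query
    events = [
        ("192.0.2.53", 53, 40000, 0.02),               # genuine DNS reply
        ("198.51.100.7", 51000, game_port, 0.5),       # player packets
        ("198.51.100.8", 51001, game_port, 0.6),
    ]
    # Reflected traffic: many sources, reflector source ports, arbitrary local ports.
    events += [(f"203.0.113.{i % 200}", 53, 40001 + i % 5, 1.0 + i / 1000) for i in range(300)]
    events += [(f"203.0.113.{i % 200}", 123, 40001 + i % 5, 1.0 + i / 1000) for i in range(120)]
    events += [(f"203.0.113.{i % 200}", 1900, 40001 + i % 5, 1.0 + i / 1000) for i in range(30)]
    admitted = Counter()
    for remote_ip, remote_port, local_port, ts in events:
        if f.inbound(remote_ip, remote_port, local_port, ts):
            admitted[local_port] += 1
    return dict(admitted), f.report()


if __name__ == "__main__":
    admitted, report = replay_constructed_capture()
    print("admitted by local port:", admitted)
    for port, label, count in report:
        print(f"dropped from remote port {port} ({label}): {count}")
```

The tally by remote source port is the useful detection signal: a pile of drops from port 53 or 123 on a host that makes no such requests is a reflection flood, and that is the evidence to hand your provider when asking them to filter upstream, where it actually relieves the link.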
