OVH Community, your new community space.

DDOS Attack caused clients have connection lost (Anti DDOS PRO Permenant Mitigation)


Maki187
04-05-2015, 23:11
I run also hosting company, with SA:MP servers.
Same problems, as always, year ago, and more, there were no so much problems like this, protection was better.

About OVH API, you can't use Game Server Protection in OVH range, as Game Servers are in spearated tower, racks, and have different firewalls, and you can get them only in SYS.

chas
29-04-2015, 12:23
Im also interested in this,

I researched that permanent mitigation DOES mitigate UDP traffic exactly the same way as SYS-GAME does.

Be nice to know from OVH, because i got told to move to OVH permanent mitigation to stop players getting disconnected.

Dante
28-04-2015, 05:02
How to use this in OVH API ? I have OVH Enterprise server

GET /ip/{ip}/game Beta
/ip/{ip}/game/xxxxxxx
etc

https://api.ovh.com/console/#/ip/%7Bip%7D/game#GET

Jake187
20-04-2015, 15:01
Quote Originally Posted by Dante
We moved from SyS to OVH because of Permanent Mitigation

SyS Dedicated Range is bad in Anti DDOS specially for game server but good for other services like websites

I haven't tried the Game Range of SyS

Please give me a feedback if you test your sa-mp server on it , Make sure you got hit by DDOS to test the Anti DDOS if it worth for game servers
The Permanent Migration doesn't really do much of a difference they're both the same protection the end of the day, the only difference is that you are protected all the time compared to only being protected once a attack is noticed such as SYS range. Remember that the permanent migration only protects and migrates attacks it notices, so basically the only disadvantage to the SYS range is your service might lag or be down for about 1 minute for the system to detect the attack and start the migration. The benefit of OVH's system compared to most other hosts that do these type of systems is they don't stop the migration right after a attack stops, the system waits 10-15 minutes and if another attack proceeds afterwards in a certain period the wait time is even longer meaning your traffic is still being migrated.

I just received my game range server today I am planning to move my game server officially in the next couple of days I will keep you posted if anything goes wrong, if you don't hear from me withing a week than clearly the protection is doing its job, if you like you can also stop by my community I normally keep everyone posted at www.pr-rp.com

Dante
20-04-2015, 14:45
Quote Originally Posted by Jake187
OVH supports UDP protection with their Game Range offered at SYS, they however do not support adding the game range protection onto OVH servers itself. So if you're receiving UDP attacks which the standard DDoS protection cannot protect normally the solution would be to try that range instead.

They are now allowing people to renew their servers at SYS for the Game Range, I recently ordered one and I can't wait to give it a try with my SA-MP server that has been receiving attacks that are passing through my protection as well, I think that would be your best bet for affordable protection.
We moved from SyS to OVH because of Permanent Mitigation

SyS Dedicated Range is bad in Anti DDOS specially for game server but good for other services like websites

I haven't tried the Game Range of SyS

Please give me a feedback if you test your sa-mp server on it , Make sure you got hit by DDOS to test the Anti DDOS if it worth for game servers

Jake187
18-04-2015, 15:42
Quote Originally Posted by Dante
Most of the attacks are UDP & it hit our GameServers

I heard that OVH support Anti DDOS for GameServers

How to activate this ? API ? and How ?

I have no experience in API stuff

My Regards
OVH supports UDP protection with their Game Range offered at SYS, they however do not support adding the game range protection onto OVH servers itself. So if you're receiving UDP attacks which the standard DDoS protection cannot protect normally the solution would be to try that range instead.

They are now allowing people to renew their servers at SYS for the Game Range, I recently ordered one and I can't wait to give it a try with my SA-MP server that has been receiving attacks that are passing through my protection as well, I think that would be your best bet for affordable protection.

Dante
15-04-2015, 22:12
Quote Originally Posted by marks
the anti-ddos acts against most of the attacks, specially the most common ones, very effectively. but it's not a 100% protection against all attacks, no matter how big. Security , specially when you cannot afford any downtime at all, is an ongoing ever-evolving business, and I would recommend to go on monitoring all the traffic on your server, any weak points that could be exploited and, use the Network Firewall and the the software firewall that you can install on your server.

Also, if you want extra security and resilience, you could consider getting a hardware firewall too.

Regarding whether your protection should be permanent or not, that's only recommended if you receive continuous different attacks. Apart from the option to configure whether you want the Anti-ddos protection permanent/automatic/disabled (something that you don't have with SYS antiddos protection), you also get the Network Firewall with OVH servers, which I would say is even better protection.

Thanks!
Thanks for your reply

You mention 3 things that I have a questions about it :
1-"Network Firewall"
Do you mean this ? http://i.imgur.com/Lr0uFE7.png
If so, then I will till you that it is limited to 20 rules only which is not enough for opened ports (we have about 30 ports opened ) & port ranges seems not allowed & each rule can't have both TCP & UDP , It must do it on each rule !

2-hardware firewal
If you mean Cisco ASA , then it is not an option against DDOS attack , maybe if there is another firewall like Cisco Guard or any other product that is made speciall for Anti DDOS, plus ASA support up to 100mbps the first one which is useless on 500Mbps connection

3-.
Quote Originally Posted by marks
Regarding whether your protection should be permanent or not, that's only recommended if you receive continuous different attacks. Apart from the option to configure whether you want the Anti-ddos protection permanent/automatic/disabled (something that you don't have with SYS antiddos protection),
Can you explain me further on this ?

Do you mean it is better to switch the mitigation to Automatic Detction instead of Permenant ? and Why ?

Maybe I can have a solution to our issue if I get in idea from your answers

If there is any more suggestion please tell me, because the ticket support forward us to send E-mail to anti ddos department but they didn't respond for over 10 days & I think they will not respond.

My Regards.


========= EDIT ==========

Most of the attacks are UDP & it hit our GameServers

I heard that OVH support Anti DDOS for GameServers

How to activate this ? API ? and How ?

I have no experience in API stuff

My Regards

marks
15-04-2015, 12:21
the anti-ddos acts against most of the attacks, specially the most common ones, very effectively. but it's not a 100% protection against all attacks, no matter how big. Security , specially when you cannot afford any downtime at all, is an ongoing ever-evolving business, and I would recommend to go on monitoring all the traffic on your server, any weak points that could be exploited and, use the Network Firewall and the the software firewall that you can install on your server.

Also, if you want extra security and resilience, you could consider getting a hardware firewall too.

Regarding whether your protection should be permanent or not, that's only recommended if you receive continuous different attacks. Apart from the option to configure whether you want the Anti-ddos protection permanent/automatic/disabled (something that you don't have with SYS antiddos protection), you also get the Network Firewall with OVH servers, which I would say is even better protection.

Thanks!

Dante
09-04-2015, 17:04
The attacks still hitting our server

MRTG Period : Last Hour


Dante
09-04-2015, 14:46
Hello,

The OVH support team tell us to contact with you according to this message
”Please note that any questions you have relating to our Anti-DDoS system can be asked via our Anti-DDoS mailing list:

antiddos@ovh.net

Regards,

OVH.ie Support Team”


But unfortunately I sent this E-mail message a 2 days ago after this response from support & the situation getting worse, they didn't respond to us until now !

We switched from SYS to OVH Dedicated server just for Anti DDOS Pro "Permanent Mitigation" ONLY !

We are facing some problems with the Anti DDOS Pro "Permenant Mitigation" Mode

The problem is the attack hit our server & connection lost to all clients (players)

And sometimes we got E-mail

"ovh.ie - http://www.ovh.ie
45 Upper Mount Street,
Dublin 2




Dear Customer,


We are no longer able to detect any attack on IP address xx.xxx.xxx.xx


Your infrastructure has now been withdrawn from our mitigation system.

For more information on the OVH mitigation infrastructure: http://www.ovh.ie/anti-ddos/

Regards,

OVH Customer Support
Support: (01) 6390037
Fax: (01) 6394091
Email: customersupport@ovh.ie
Monday to Friday: 9am - 6pm
"


Why this ?
"Your infrastructure has now been withdrawn from our mitigation system."

It is on Permanent Mitigation Mode

My Server info: (aa408181-ovh)


Image from (8 - 9 Apr) shows MRTG



Image Link : http://i.imgur.com/VH8suzj.jpg?1



- Check this DDOS attack happened now & this is the log file of our internal firewall

Full log file at that date until today

/var/log/kern.log


On this link http://tny.cz/9aaf8a5e



It is bypassed the ANTI DDOS PRO (Permanent Mitigation) !!!





My Regards