Hello,
I'll start off by stating that I rent my server from a friend who has an EG-64R; my server is a virtual machine on that and has its own IP. The person who owns the server has contacted OVH a few times regarding this issue, but I felt it'd be better to contact you directly as I have more information.
Just lately one of my servers hosted on an OVH box has been under a heavy DDoS attack, which has been going on for a week or two with the odd break while the attacker sleeps. I have found out that the attacker lives in India and is using an exploit in COD4 servers to execute a reflection attack: they send a packet to the server while masquerading as me, and that server then replies several times to my IP with more data than was sent to it.
This is a big problem as just lately they have been hammering my bandwidth, which is currently peaking at 95Mb/s in (a graph can be found at http://vrocker-hosting.co.uk/bandwidthd/), but I have identified some common things about the packets which could help block them from reaching my server.
Currently there seem to be two types of packets sent to the server. One of them is a UDP packet containing SNMP data, but it is being sent to a port that I host a game server on. The source port for this packet is 161, which is also SNMP. If the source port were to be checked for SNMP data to my IP then it could be blocked (or just look for SNMP data, as I will never use it).
Another packet is a normal SNMP packet with the destination port 161.
Another attack they are using is flooding my server with pings.
I can block these using iptables, but that does not solve the issue as it still causes a lot of IRQs to be sent to the system, which ends up knocking the box down (ksoftirqd ends up using 100% CPU for each NIC). I have teamed two NICs together to try and handle more packets, but it still has a major effect on my server.
Can OVH do anything about this please? I'd really appreciate it.
Oh, the IP of my server is 94.23.157.172
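The three traffic patterns described in the post (SNMP replies from source port 161 landing on the game port, direct SNMP to port 161, and an ICMP echo flood) are easy to pick out of a packet capture once you know what to look for. The following is an added example, not code from the poster or from OVH: it classifies tcpdump-style text lines, totals packets and bytes per attack type, lists the reflector hosts by volume, and renders the host-side iptables rules the post talks about. The game port 28960, the log format and all sample lines are assumptions (documentation IPs for the reflectors); only the server IP comes from the post.

```python
"""Classify packets from tcpdump-style text output into the attack types
described in the post (SNMP reflection, direct SNMP, ICMP echo flood)
and summarise volume per type and per reflector.  Added example; the
sample lines below are constructed, not a real capture."""
import re
from collections import Counter

# Game server port that receives the reflected SNMP replies.
# Assumption: 28960 (the post does not name the port).
GAME_PORTS = {28960}
SNMP_PORT = 161

# Constructed tcpdump-style lines (documentation IPs for the attackers).
SAMPLE_LINES = """\
12:00:01.000101 IP 203.0.113.5.161 > 94.23.157.172.28960: UDP, length 1400
12:00:01.000202 IP 203.0.113.5.161 > 94.23.157.172.28960: UDP, length 1400
12:00:01.000303 IP 198.51.100.7.161 > 94.23.157.172.28960: UDP, length 1200
12:00:01.000404 IP 198.51.100.7.161 > 94.23.157.172.161: UDP, length 90
12:00:01.000505 IP 192.0.2.9 > 94.23.157.172: ICMP echo request, id 1, seq 1, length 64
12:00:01.000606 IP 192.0.2.9 > 94.23.157.172: ICMP echo request, id 1, seq 2, length 64
12:00:01.000707 IP 192.0.2.44.54321 > 94.23.157.172.28960: UDP, length 60
"""

UDP_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): UDP, length (?P<len>\d+)"
)
ICMP_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+) > (?P<dst>\d+\.\d+\.\d+\.\d+): "
    r"ICMP echo request, .*length (?P<len>\d+)"
)


def classify(line):
    """Return (category, source_ip, length) for one tcpdump line, or None
    for lines that are neither UDP nor ICMP echo requests."""
    m = UDP_RE.match(line)
    if m:
        sport, dport = int(m["sport"]), int(m["dport"])
        if sport == SNMP_PORT and dport != SNMP_PORT:
            # An SNMP *reply* arriving at a port we never queried from:
            # the signature of a spoofed-source reflection attack.
            cat = "snmp_reflection"
        elif dport == SNMP_PORT:
            cat = "snmp_direct"
        else:
            cat = "other"
        return cat, m["src"], int(m["len"])
    m = ICMP_RE.match(line)
    if m:
        return "icmp_echo", m["src"], int(m["len"])
    return None


def summarize(text):
    """Aggregate packet and byte counts per category and rank the sources of
    reflected SNMP traffic by bytes (the hosts to report to their operators)."""
    packets, volume, reflectors = Counter(), Counter(), Counter()
    for line in text.splitlines():
        hit = classify(line)
        if hit is None:
            continue
        cat, src, length = hit
        packets[cat] += 1
        volume[cat] += length
        if cat == "snmp_reflection":
            reflectors[src] += length
    return {"packets": packets, "bytes": volume,
            "reflectors": reflectors.most_common()}


def iptables_rules(game_ports=GAME_PORTS):
    """Render the host-side rules the post describes: drop SNMP replies aimed
    at the game ports, drop all inbound SNMP, drop ICMP echo requests.  As the
    post notes, these only discard packets after the NIC has already raised the
    interrupt, so they do not remove the ksoftirqd load; upstream filtering
    by the provider is still needed for that."""
    rules = []
    for port in sorted(game_ports):
        rules.append(f"iptables -A INPUT -p udp --sport {SNMP_PORT} "
                     f"--dport {port} -j DROP")
    rules.append(f"iptables -A INPUT -p udp --dport {SNMP_PORT} -j DROP")
    rules.append("iptables -A INPUT -p icmp --icmp-type echo-request -j DROP")
    return rules


if __name__ == "__main__":
    s = summarize(SAMPLE_LINES)
    for cat in s["packets"]:
        print(f"{cat:16s} {s['packets'][cat]:4d} pkts {s['bytes'][cat]:6d} bytes")
    print("reflectors by bytes:", s["reflectors"])
    print("\n".join(iptables_rules()))
```

On a live box the same classification can be fed from `tcpdump -n -l udp or icmp` piped into `summarize`; the reflector ranking is the list worth sending to the hosting provider, since each of those hosts is a misconfigured third party rather than the attacker.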