DDOS protection with firewall

deshkarabhishek

Prominent
Dec 5, 2017
6
0
510
Hello,

I'm from India and I want to buy a hardware firewall for our gaming server. I have got the list of all Indian IP ranges. It has about 5000 entries. So I will allow only these ranges in my hardware firewall. The purpose of this is to get rid of DDOS attacks. Is it possible that I allow only these IP ranges so there is no DDOS? And if yes, then which hardware firewall is the best?

Thanks!
 
Solution
You can't fix actual DDOS attacks. If it was as simple as buying a firewall you would never hear of a large company being taken offline.

The problem is not really the server it is the internet connection. The attacker still sends the traffic over your internet connection using up all your bandwidth. The firewall would delete it before it got to the actual server but the traffic still already consumed the bandwidth before the firewall saw it. It really doesn't matter what the firewall does with the traffic the damage is already done before the firewall can do anything.

It really is no different than the junk mail you get in real life. Just because you pay someone... i.e. a personal firewall... to go get your mail from your mailbox and sort it before they give it to you does not prevent your mailbox from being full of garbage.

The way large companies fix this is they call the ISP and the ISP uses firewalls before it is sent over the connection. If the attack is large enough it can actually overload the ISP's connections to other ISPs. In that case the ISP would have to work with other ISPs to fix it. Not something you can do if you are a small customer.
 
Solution
Why would you think it makes any difference? A DDOS attack is trying to use up your internet bandwidth.

So let's say you have a 10 Mbps internet connection. I am a hacker and I send you 10 Mbps. The problem is there is no room left in your internet connection, say for your game traffic. Now you install a firewall at your house. All that does is now the traffic is thrown away rather than being delivered to your server. The traffic is still using up the internet connection to your house. All the firewall does is pretend it does not exist, but the traffic actually does still exist.
 

deshkarabhishek

Dec 5, 2017
Thank you for clearing all doubts. So there is no way to allow particular IPs? Like currently I'm using Amazon AWS and if I only allow my IP in the Amazon security group and then if I send a DDoS attack to my game server, the DDoS doesn't work. So something like that?
 
Hard to say how Amazon AWS works but that is different than a hardware firewall.

Amazon has lots of bandwidth so they could block the traffic in their firewall before it got sent to your server. This is a variation of having the ISP do it that large companies use.

Still it is causing damage to Amazon's data center. If it was enough it would affect other customers in addition to you. So someone could in theory DDOS the entire data center to take your server down. It just is such a massive undertaking few people would spend the kind of money involved.

You have to be somewhat careful. Some hosting organizations will count traffic sent to you even if it is dropped against the cap. So now the denial of service is more trying to use up the cap and then the hosting company blocks access to your server because you have used up your monthly data usage. They are no longer directly attacking the server but it has the same results.
 
AWS has multiple ISPs with proxies to mask their external IP addresses. They also have tons of large firewalls and server farms to help mitigate attacks.

As a home user or self-hosted user, you really don't have many options.

Overspec on the firewall. I personally went with a PFSense custom box that I overspec'd so it would take a lot from a DDOS to flood my memory or log drive.

The real issue here is bandwidth. You purchase an X by X speed and that is your cap. If the DDOS attack is strong enough to put too many requests to your server or equipment, it will flood your bandwidth with requests and replies. The only way to mitigate this is with proxies spoofing your IP so they are attacking the wrong address, and to also increase your bandwidth so it takes a lot more traffic to bring down your network. Also, dual ISP never hurt anyone.

And of course if you are on a dynamic IP that helps since you can just release your current IP and obtain a new one.

There is no sure-fire way to block DDOS and even larger companies like Sony have problems with it...

If they want to DDOS your home server into the ground, it's going to happen (not easily), but it will happen. Really no way around it.

Now go with a cloud-based service like Cloudflare for web hosting and AWS for a gaming host. You'd be better off as they provide DDOS protection with their services.
 

deshkarabhishek

Dec 5, 2017
Currently using Amazon AWS only. But they have a limit of 250 on blocking IP addresses.

Anyway, is there any way to monitor DDOS from a Windows server? Like if I know DDOS is coming from these IPs then I can block them? Would any software help?
 
No, not really. You could try programs like Glasswire but it only shows you inbound and outbound connections based on programs/services etc... not DDOS, as some DDOS attacks don't even require a reply from the server. It just floods your network with invalid requests (not all DDOS attacks do this though; some push out asking for replies to help flood the network).

You really should be monitoring the connection requests from within your firewall/router.

 

deshkarabhishek

Dec 5, 2017
So what is the way to stop this? Even if I'm using Amazon AWS, it is hard to detect incoming DDoS. The current procedure which I'm using is that I have allowed particular IP ranges from known gaming players, but using this I can't get other players. Could you suggest something?
 
Hmm, don't really think there is any way around it unless AWS offers some type of service for you to access a router so you can control it yourself.

I don't know of any great tools that work well with it. But you can try to do it manually with CMD, check inbound connections and requests to software etc... but it won't show everything. The router would.

https://sulich.wordpress.com/2012/06/27/detecting-ddos-attack-in-windows/

P.S.
I also don't know how reliable your method is for whitelisting IPs. I'm sure most players are on a dynamic IP so if it changes, wouldn't they get blocked from entering the server?

Welcome to the pain of IT. DDOS is a big problem just because of these issues we are talking about.
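An added example of the manual check the reply above describes (this is not code from the thread or from the linked article): it summarises `netstat -n`-style output per remote host and flags hosts holding many half-open connections to the game port. The netstat lines are constructed sample data using documentation addresses, and the port and threshold are assumptions. As the thread notes, a flood that never completes a TCP handshake, or a plain UDP flood, leaves nothing in this table, so this only helps with the connection-based variety.

```python
# Added example, not code from the thread: summarising netstat-style output
# to spot remote hosts with many half-open (SYN_RECEIVED) connections.
from collections import Counter

# Constructed sample shaped like `netstat -n` on Windows. The game server
# is assumed to listen on 27015; remote hosts are documentation addresses.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    10.0.0.5:27015         203.0.113.7:51234      SYN_RECEIVED
  TCP    10.0.0.5:27015         203.0.113.7:51235      SYN_RECEIVED
  TCP    10.0.0.5:27015         203.0.113.7:51236      SYN_RECEIVED
  TCP    10.0.0.5:27015         203.0.113.7:51237      SYN_RECEIVED
  TCP    10.0.0.5:27015         198.51.100.20:40000    ESTABLISHED
  TCP    10.0.0.5:27015         198.51.100.21:40001    ESTABLISHED
  TCP    10.0.0.5:27015         [2001:db8::1]:5555     SYN_RECEIVED
  TCP    10.0.0.5:3389          192.0.2.9:60000        ESTABLISHED
"""


def remote_host(endpoint):
    """Strip the port from 'host:port' or '[v6addr]:port'."""
    host, _, _ = endpoint.rpartition(":")
    return host.strip("[]")


def count_states(netstat_text, local_port):
    """Per remote host, count connections to local_port by TCP state."""
    counts = {}
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] != "TCP":   # header / UDP / blank lines
            continue
        _, local, remote, state = parts
        if local.rpartition(":")[2] != str(local_port):
            continue
        counts.setdefault(remote_host(remote), Counter())[state] += 1
    return counts


def suspicious_sources(netstat_text, local_port, max_half_open=3):
    """Hosts holding more than max_half_open half-open connections, worst first."""
    counts = count_states(netstat_text, local_port)
    hits = [(host, c["SYN_RECEIVED"]) for host, c in counts.items()
            if c["SYN_RECEIVED"] > max_half_open]
    return sorted(hits, key=lambda hc: -hc[1])


if __name__ == "__main__":
    for host, n in suspicious_sources(SAMPLE_NETSTAT, 27015):
        print(f"{host}: {n} half-open connections to port 27015")
```

On a live box you would feed it the real `netstat -n` output instead of the constant; a high half-open count from one host is a lead to check at the router or in the hosting provider's logs, not proof by itself.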
 

deshkarabhishek

Dec 5, 2017
I have all Indian IP ranges. So I know the player's ISP and I allow only that range in the Amazon AWS security rules. So even if they change the IP, the new IP will be in the range. The only problem is that Amazon allows only 240 entries, which is very few. I have a list of IP ranges of Indian ISPs that is 6000 total.

Anyway, as you said that some DDoS doesn't require any replies, so can a router detect them? And I'm sure AWS won't give that permission at all. I will ask them to keep a log of the incoming traffic; would that help?
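An added example for the rule-count problem in the post above (not code from the thread or from AWS): using only the Python standard library, it first merges adjacent and nested ranges exactly, and then, if the list is still over the limit, greedily widens the neighbouring pair whose common supernet admits the fewest outside addresses, reporting how many addresses beyond the original list the shortened version lets in. The ranges are constructed documentation and benchmarking prefixes, not real ISP allocations, and the limit value is a placeholder.

```python
# Added example, not code from the thread: shrinking an ISP range allow list
# to fit a security-group rule limit, and measuring what that costs.
import ipaddress

# Constructed sample standing in for the ISP range file; these are
# documentation / benchmarking prefixes, not any real ISP's allocations.
SAMPLE_RANGES = [
    "192.0.2.0/25", "192.0.2.128/25",        # two halves of one /24
    "198.51.100.0/24", "198.51.100.64/26",   # the /26 is already inside the /24
    "203.0.113.0/24", "203.0.113.0/26",
    "198.18.0.0/16", "198.19.0.0/16",        # adjacent /16s form one /15
]


def collapse_exact(ranges):
    """Merge adjacent and nested networks without admitting any new address."""
    nets = (ipaddress.ip_network(r, strict=False) for r in ranges)
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def fit_to_limit(ranges, limit):
    """Over-aggregate until at most `limit` rules remain (IPv4 only).

    Each round widens the neighbouring pair whose common supernet admits the
    fewest addresses that were not on the list. Returns (rules, extra), where
    `extra` is how many addresses the shortened list lets in that the original
    did not; that is the price paid for fitting under the limit.
    """
    nets = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(r, strict=False) for r in ranges))
    wanted = sum(n.num_addresses for n in nets)
    while len(nets) > limit:
        best_cost, best_sup = None, None
        for a, b in zip(nets, nets[1:]):          # nets are sorted and disjoint
            sup = a
            while not b.subnet_of(sup):           # grow a until it also covers b
                sup = sup.supernet()
            cost = sup.num_addresses - a.num_addresses - b.num_addresses
            if best_cost is None or cost < best_cost:
                best_cost, best_sup = cost, sup
        # collapse_addresses drops every network now contained in best_sup
        nets = list(ipaddress.collapse_addresses(nets + [best_sup]))
    admitted = sum(n.num_addresses for n in nets)
    return [str(n) for n in nets], admitted - wanted


if __name__ == "__main__":
    print(collapse_exact(SAMPLE_RANGES))
    rules, extra = fit_to_limit(SAMPLE_RANGES, limit=2)   # placeholder limit
    print(rules, "admits", extra, "addresses outside the original list")
```

With the sample data the exact merge already drops eight entries to four; forcing it down to two admits over a hundred million addresses that were never on the list, which is the trade-off to check before squeezing a 6000-entry list into 240 rules.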
 