rain

DDoS Protection

About our Game DDoS Protection

We protect our network very effectively against DDoS attacks by using detection software and prefilters. The protection automatically detects and filters “bad traffic” and protects IP addresses against DDoS attacks of up to 500 Gbps.

If you want to protect a website (HTTP or HTTPS) from DDoS attacks, we also recommend using Layer 7 Protection for greater efficiency. A DDoS attack can be detected and filtered much faster using Layer 7 Protection. When using SSL, it makes sense to store the certificate in the firewall software.

The server remains accessible during an attack and you can use the services as normal. Irrelevant ports are blocked for as long as the attack continues, for example ICMP used for ping polling. In addition, on default game hosting we close all non-essential ports to make attacks harder.

What is Layer 7 Anti-DDoS?

There are different types of DDoS (Distributed Denial of Service) attacks. Basically, a DDoS is a “refusal to serve” that is deliberately caused by a large number of requests, which overloads the data network or the server.

DDoS attacks can target different layers (see the ISO/OSI layer model). Unlike earlier attacks, current DDoS attacks often target the top layer (Layer 7). Layer 7 is the application layer: it provides functions to applications and is responsible for data input and output.

Layer 7 attacks target the protocols belonging to Layer 7, such as Telnet, FTP, NNTP, HTTP or SMTP. Compared to other DDoS attacks, Layer 7 attacks require far less bandwidth and far fewer packets to disrupt the services. A low-level protocol attack such as a SYN flood requires a huge number of packets to be effective, whereas a Layer 7 attack needs only a limited number of packets to carry out a large DDoS attack.

The most common Layer 7 attack is HTTP flooding. Here, HTTP requests that consume considerable resources are sent to the targeted server. Although the number of packets is limited, they fully utilize all server resources and result in the services being refused.

What happens in a DDoS attack?

  • UDP destination port 9000 to 9999 is strictly filtered against Teamspeak3 packets

  • TCP / UDP fragments (packets larger than 1500 bytes) are discarded

  • ICMP / IGMP (including PING) is discarded

  • UDP source ports 19, 69, 111, 123, 137, 161, 389, 520, 1434, 1900, 9987 and 11211 are limited (10 Mbit)

  • UDP destination port 27000 to 29000 is strictly filtered against Source engine packets

  • UDP destination port 53 is strictly filtered against DNS packets and enforces TCP truncation

  • When HTTP Layer7 mitigation is active, all TCP traffic on ports 80 and 443 is routed through a reverse proxy

  • If HTTP Layer7 Mitigation is active, Cloudflare must be deactivated, otherwise the DNS resolution will loop

  • All traffic (except TCP / UDP) is blocked

  • All other traffic (TCP / UDP) is strictly validated:

      • TCP connections are only possible if a TCP SYN or SYN-ACK packet has been sent and accepted beforehand; the filters behave like a kind of asynchronous stateful firewall for server applications. Establishing a first connection (SYN or SYN-ACK) may take significantly longer or be interrupted on the first attempt, and websites may take a little longer to load.

      • UDP connections are only possible if they are carried out by a “valid client”. Spoofing is prevented by an intelligent comparison of all connection parameters.
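
An added example (not the provider's code): a small Python model of the rule list above that predicts how a packet would be treated while mitigation is active, which helps when checking which of your own services or monitoring probes will be affected. The `Packet` record, the `MitigationModel` class, the order in which the rules are evaluated and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass

# UDP source ports the page lists as limited to 10 Mbit during mitigation.
LIMITED_UDP_SRC = {19, 69, 111, 123, 137, 161, 389, 520, 1434, 1900, 9987, 11211}
# UDP destination ranges the page lists as strictly filtered per application.
STRICT_UDP_DST = [(9000, 9999, "teamspeak3"), (27000, 29000, "source-engine"),
                  (53, 53, "dns")]

@dataclass(frozen=True)
class Packet:  # constructed metadata record, not a capture format
    proto: str
    src: str
    sport: int = 0
    dport: int = 0
    size: int = 64
    flags: str = ""  # TCP flags: "S", "SA", "A", ...

class MitigationModel:
    """Predicts the page's stated treatment; rule order is an assumption."""

    def __init__(self, l7_active=False):
        self.l7_active = l7_active
        self.flows = set()  # TCP flows whose SYN / SYN-ACK was already seen

    def verdict(self, p):
        if p.proto not in ("tcp", "udp"):
            return "drop: not TCP/UDP"
        if p.size > 1500:
            return "drop: larger than 1500 bytes"
        if p.proto == "udp":
            if p.sport in LIMITED_UDP_SRC:
                return "limit: 10 Mbit source-port class"
            for lo, hi, app in STRICT_UDP_DST:
                if lo <= p.dport <= hi:
                    return f"filter: must be valid {app}"
            return "validate: client check"
        if self.l7_active and p.dport in (80, 443):
            return "proxy: layer 7 reverse proxy"
        flow = (p.src, p.sport, p.dport)
        if p.flags in ("S", "SA"):
            self.flows.add(flow)
            return "accept: handshake tracked"
        return "accept: known flow" if flow in self.flows else "drop: no prior SYN"

if __name__ == "__main__":
    m = MitigationModel()
    for pkt in [Packet("icmp", "198.51.100.7"),  # constructed samples
                Packet("udp", "198.51.100.7", 123, 27015, 468),
                Packet("tcp", "198.51.100.9", 40000, 25565, 60, "A")]:
        print(pkt, "->", m.verdict(pkt))
```

The ICMP verdict is the one that most often surprises operators: external ping-based uptime checks will report the host as down for the duration of an attack even though the services stay reachable.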