NEED setup Firewall



  • Hello, I have an OVH game VPS.
    I run a VPN,
    and there is an attack with SYN; it affects my VPN connection.

    Is there anyone who can help me?



  • Hi,

    SYN attacks can't be stopped from your VPS: you can't do anything when DDoSed.

    Check with OVH support.
    See also the OVH forums; the subject has been known for decades now.

    Check this: https://www.soyoustart.com/en/ and ask yourself: why are there special "Game" servers? Not because they have a special graphics card: they have none. Even the processors and memory aren't really special.
    But something is: https://www.soyoustart.com/en/faq.xml

    I guess a basic VPS is too 'ordinary' to host game services. Worse: when a VPS is DDoSed, the entire host system will suffer, and all the other VPSs on the same system with it.

    Btw: I'm just mentioning the SYS servers as an example; it's up to you to choose the right server for your needs. Your first choice should be: how is DDoS handled?! All the other aspects like price, size, performance etc. are less important.

    Another easy, cheap solution exists: do not communicate the IP of your game server to anybody. Never. Do not invite friends - who will become your enemies - to your server. Never.
    Apply these rules and you will never need to know what DoS is ....



  • Yes, true.
    I have tried many times, with many different ways, to stop it,
    but nothing has worked until now.

    Also, I run a VPN, not a game,
    and there are some people who stop this attack, like this IP:
    188.165.6.127
    No one can take it down with a SYN attack.



  • @GameVPN said in NEED setup Firewall:

    188.165.6.127

    Contact OVH tech support. Open a ticket with them and explain what's up.



  • @Gertjan Are you using Snort (IDS/IPS)?



  • @sahan said in NEED setup Firewall:

    @Gertjan Are you using Snort (IDS/IPS)?

    No - I do not need these.
    I only have trusted devices on my LAN ... and trust the people that use these devices.
    All other devices and people: behind a captive portal.

    Also: I don't know how to sneak/peek into SSL traffic anyway, without completely breaking everything, or breaking my head.


  • LAYER 8 Global Moderator

    If the problem is that your application, be it a game or VPN server, cannot handle the SYN traffic, but your pipe is not anywhere close to being saturated, then a firewall can help, by filtering out the traffic before it gets to your application. As long as the firewall can handle the amount of traffic being generated.

    What you cannot stop with a firewall is when the pipe to the firewall is full.. The only way to handle such an attack is getting a bigger pipe, and a firewall and application that can handle the extra traffic.. Or get with whoever provides the connection so that the unwanted traffic can be stopped/diverted upstream so your pipe does not become saturated.



  • @johnpoz But how do I make it filter before it gets to my server? Is there a way?


  • LAYER 8 Global Moderator

    You would have to block the source IP.. Or you would have to use IPS to block the traffic on some other signature..

    Which, if a DDoS, is pretty hard: determining what is good traffic and what is bad traffic based on only IP.. pfBlocker could be of help here if all the bad traffic is coming from country X, but hope you don't have any actual clients you want to allow in country X, etc.

    Again, this can only help if your pipe is not full.. if your pipe is full, it is not going to help..
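    The two moderator posts above describe the one case where the firewall can help: the uplink is not saturated, and the box in front of the application absorbs or rate-limits the SYN traffic so the server never sees it. The ruleset below is an added example written for this thread, not pf rules from pfSense or from any poster; the interface name, addresses and thresholds are assumptions. It shows the two pf mechanisms that implement that idea: `synproxy state`, where the firewall completes the TCP handshake itself so spoofed SYNs never create a state or reach the server, and `max-src-conn-rate` with an `overload` table, which blocks a source that opens too many connections too fast.

```pf
# Added example, not from this thread. Interface, addresses and thresholds are assumed.
ext_if   = "vtnet0"          # assumed WAN interface of the VPS
vpn_srv  = "203.0.113.10"    # assumed VPN server address (documentation range)
vpn_port = "1194"            # assumed VPN listening port

# Table that pf fills automatically with sources exceeding the rate limit below.
table <syn_abusers> persist

set skip on lo0

# Anything already flagged as an abuser is dropped before any other rule runs.
block drop in log quick on $ext_if from <syn_abusers>

# TCP: the firewall answers the SYN and only passes the connection to the server
# once the client's ACK arrives (synproxy).  A source that completes more than
# 30 connections in 5 seconds is added to <syn_abusers> and all its states are
# flushed, so a flood from one address stops at the firewall.
pass in on $ext_if proto tcp from any to $vpn_srv port $vpn_port \
    flags S/SA synproxy state \
    (max-src-conn-rate 30/5, overload <syn_abusers> flush global)

# UDP has no handshake to proxy; cap the number of concurrent states per
# source instead so one address cannot exhaust the state table.
pass in on $ext_if proto udp from any to $vpn_srv port $vpn_port \
    keep state (max-src-states 50)
```

    Syntax-check with `pfctl -nf /path/to/pf.conf` before loading, and watch the table fill with `pfctl -t syn_abusers -T show`. In pfSense the same settings live under a rule's Advanced Options ("Max. new connections" per second and State type "Synproxy"). As johnpoz says, none of this matters once the pipe itself is full; at that point only upstream filtering by the provider helps.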



  • @johnpoz I will message you in private chat.


  • LAYER 8 Global Moderator

    Where exactly are you seeing that - like some of the first rules in the firewall?

    block drop quick inet proto tcp from any port = 0 to any label "Block traffic from port 0"
    block drop quick inet proto udp from any port = 0 to any label "Block traffic from port 0"
    block drop quick inet proto tcp from any to any port = 0 label "Block traffic to port 0"
    block drop quick inet proto udp from any to any port = 0 label "Block traffic to port 0"
    block drop quick inet6 proto tcp from any port = 0 to any label "Block traffic from port 0"
    block drop quick inet6 proto udp from any port = 0 to any label "Block traffic from port 0"
    block drop quick inet6 proto tcp from any to any port = 0 label "Block traffic to port 0"
    block drop quick inet6 proto udp from any to any port = 0 label "Block traffic to port 0"

    They are just not shown in the GUI..

