Discussion in 'Bukkit Discussion' started by Mike1022, Aug 26, 2013.
I was wondering how I could get Good and cheap DDoS protection. $50 USD would be good.
You could use a protected VPS and GRE tunnel.
Ok, I've heard that idea. The thing is, I don't know how to make a GRE tunnel. (I have used google, all I can find is stuff about Cisco routers.)
There's no such thing as cheap DDoS hosting. You get what you pay for unfortunately, and it's not cheap. You are talking anything above $300 for something remotely useful.
Oh, I see. I think it will be a good idea to use a VPS server then. Thanks for the input!
There is no need for a small environment to even think about DDos protection. What TCPGuard does here is actually not a garanteed protection. You bite your own tail with this.
Its likely that this is nothing less than a proxy and you pay for the traffic that is going through.
So If someone wants to DDos you this would prevent the traffic going to your server as it might have some sort of detection that does not relay packets to your real server but ... they dont need to DDos you. Using this service they can stop your service easier by just exhausting your traffic limit. 5$ per month = 100GB hitting this limit will probably either throttle or shut down packets send to your server fully.
So if I just download the texture pack from your server over and over again i might hit the limit someday without even ddosing you.
Don't worry about small ddos attacks most of them happen and you wont notice them as your host is fast enough to handle the traffic. If you really need protection from such attacks try to minimize the attack vector on how they do it.
For example if they send you invalid packets directly to your minecraft server this can be logged and logs can be checked with fail2ban.
Multiple hits would ban the IP for a configureable amount of time which will slow down those attacks. And as soon as they get they cant do much they will lose interest at some point.
Making a GRE Tunnel is not that difficult on linux and requires a few commands. Narrow your searches down a little more to Linux and this should help filter out all the GRE Docs specifically tailored for Cisco.
MinecraftServers.ca true but this thread is about DDos protection i do not see a difference in this use case if your server got spammed or the tunnel end point got spammed.
One of them will probably give up at some point if the bandwith exceeds 100 Mbit/s or the switch whitch the server is connected to will throttle the traffic coming from those ranges. Yes, even if your hoster does not tell you "we protect you from ddos" they do have some sort of defence IF this happens as they are interested that their network works normal.
DDosing your server would mean that the whole network segment could get affected. More packets -> more traffic -> more load -> more errors. And more load that is something that they don't want.
If your host does not have professional grade network switches this attack would not even affect your server since the hardware in front of it fails long before...
jayfella is right .. you can't expect to get protection for $5.
Its likely that you will have more problems with such tunnels then without. And be sure .. most servers with a 100 Mbit/s connection can handle a small attack. Depending on the vector this can also be filtered by your packetfilter.
Separate names with a comma.