Just so you guys are aware, Round Robin is one of many methods of mitigating a DDoS attack. It isn't the most expensive but it isn't the least expensive. If you guys truly want to learn about protecting yourselves there's a few things you should learn.
You should get in depth with these:
DNS
Datagrams
Internet Protocols (UDP, TCP, HTTP, FTP)
Ports & Scanners
Proxies
Load Balance
Packet Disruption, Flagging, Dropping. (Basically how packets are sent, received, and what the server tells them to do)
Firewalls such as (IPTables, Comodo, etc) - Depends on the OS you are running.
Now those are just a few things you can use to protect your servers more. Honestly I wouldn't learn these for a private server, but to get to know networking some more. You could make a career out of it if you really tried to get into it.
Anyway here's a few things I will explain for you since I'm rather bored currently.
DNS: DNS is a Domain Name System. What this means is every IP under the same DNS can connect to each other. (Basically they can talk to each other so to speak...) This means the more servers you have under 1 DNS, the more connections can be separated between servers lightening the load on each server. (Attacked or not)
Datagrams: A datagram is generally referred to as a packet. Specifically it is the unreliable ones or fragments, like most UDP packets. I won't go into specifics but a datagram consists of a header and payload. The header is information such as where it's coming from, where it's going, etc. The payload is the information itself which is being sent. There are many variations of datagrams so I suggest looking deeper into it.
Internet Protocols: There are tons of internet protocols and I don't care to list them all. Here are the basic ones you most likely already know about. Internet protocols just send different datagrams or types of packets across the network. Examples are: UDP / TCP / HTTP / FTP.
HTTP: As I assume everyone here knows, HTTP is for web servers. The HTTP protocol sends requests from your browser to the internet page you are requesting. It goes deeper than that but you have to look it up to find out. Normal Ports Used: 80 (HTTP) and 443 (HTTPS)
FTP: I also assume all of you know FTP is for File Transfers. This is how you send files from 1 host to the next. Normal Ports Used: 20 & 21
UDP: UDP is a much more important protocol because it is used for host to host communication. This is used in many games (such as MapleStory), but also used in DNS, DHCP, RIP, etc. UDP sends packets between hosts with no prior communication. It uses High Layer sockets and sends datagrams. There are upsides and downsides to UDP connection wise so I suggest you look at that. UDP is also one of the most known floods used when being attacked with a DDoS. Ports 1-65535 can be used with UDP.
TCP: TCP is also a very important protocol, like UDP. These protocols can also go hand in hand with each other when accepting & requesting connections. MapleStory even does that. TCP is the more reliable protocol because it sends & receives the information more accurately, but slower. TCP uses a 3 way handshake to establish a connection with each host. This is where SYN/CSYN, and ACK come into play. Every time you use TCP, a SYN is sent to the host. SYN and CSYN are also major players in DDoS because that is how you DDoS anyone using TCP to connect. You can look in more depth at how TCP connects and also look up the handshake. 3-way handshake to connect, 4-way to close. Ports 1-65535 can be used with TCP.
Ports: Ports are the (door) to connect host-host. These ports range from 1-65535. Each IP (Internet Protocol) defines the port they are using in their header to the destination. Ports can be opened & closed at your discretion. You must open any port which an application you are running must use to connect. The open ports are the ones used to DDoS by sending a massive amount of packets or connections to them. Any port that is closed cannot be connected to.
Another note is there are programs to scan for open ports on an IP address. Also in the case of maplestory, if you are monitoring where & how you are connecting when you open the client, it will show the IP and port you have connected to in order to run the client. I won't list any programs because this is educational. (Just google it)
Proxies: Proxies are servers which a client must connect to and is then redirected to the correct host. It is an intermediary in the process of host-host connections.
The example being Client 1 wants to get a file from Server 1. Server 1 has a proxy set up as Server 2. Client 1 -> Server 2 (Evaluates Client 1) -> Server 1 (Approved)
There are many types of proxies, HTTP, SOCKS, and they are used for different purposes. You could also call any server you use for mitigation purposes a "proxy server" as you are misleading the client as to where he is actually connecting.
Load Balancing: Load balancing is one of the best ways to keep the stress off your server. Exactly as the name says, you balance the load of connections coming through via several servers. You can set rules & permissions for your balance to your liking.
Example: I own 3 servers. I have 10 people connecting to my server at once. I write the rule where every 3 connections the destination changes to the next server.
(IPTables Ruleset)
What this means is the following:
Code:
# nat table (DNAT is only valid there); the old -m nth patch-o-matic match is now -m statistic --mode nth,
# and each rule keeps its own counter, so take 1 in 3, then 1 in 2 of the rest, then everything left.
# 127.0.0.x stand in for the real backend server addresses.
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -m state --state NEW -m statistic --mode nth --every 3 --packet 0 -j DNAT --to-destination 127.0.0.1:80
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -m state --state NEW -m statistic --mode nth --every 2 --packet 0 -j DNAT --to-destination 127.0.0.2:80
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -m state --state NEW -j DNAT --to-destination 127.0.0.3:80
Server 1: 3 people connected so all connections move on to Server 2. (3 total connections)
Server 2: 3 people connected so all connections move on to Server 3. (6 total connections)
Server 3: 3 people connected so all connections move back to Server 1. (9 total connections)
Server 1: 1 person connected so it waits for 2 more connections. (10 total connections)
Rinse and repeat. Load balancing is a lot of work to set up but I highly suggest you learn about it. This will not only lighten your load normally, but it will take a much stronger DDoS attack to take your entire server down. PS: If you look further down, I explain what IPTables is.
Packet Disruption: Basically this is connection control... you now know about multiple protocols and how packets are sent to your server. You have the option to write scripts or use firewalls to give these packets rules to abide by. There are ways to determine whether or not you have a packet you don't want to receive, or you have a lot from 1 destination you want to block. You can flag a packet to be dropped or accepted. If you drop a packet your server will never receive it, so you could block an entire ddos if all the packets were flagged & dropped. I'm not entirely sure how to explain this more, but look at dropping packet rules with the firewalls you use.
Firewalls: Firewalls are a security measure to protect your system. This means programs, connections, anything you can think of that can get access to your host. There are millions of firewalls but I will suggest a few to look at. My personal favorite if you are using Linux is IPTables. IPTables is one of the most flexible firewalls where you can write rules on what to accept or deny from accessing your server. It is also very easy to extend with your own scripts and incorporate them into it.
On Windows, you could use firewalls such as Comodo, VisNetic, and others. There are tons of firewall options for Windows, but I am not familiar with many as I always play around with Linux. I am a *nix nerd.
Those are the software options... now there's always hardware!
Some hardware options are Cisco, IntruGuard, Riorey, Top Layer. All of these filter DDOS attacks differently and I can't help you in choosing which to use if you do. AFAIK the most common hardware any Dedicated Server Host uses is Cisco, as they don't offer others. If you own your own server(s), I recommend looking into each of the 4 I mentioned to find out which one works best for you.
That's about it.. It's fucking 4:45AM and I have been writing this for like 45 minutes.. I'm sure there will be errors cause I am so damn tired but enjoy your lesson. You can ask me questions and I will be happy to answer, but I think I'm done giving to this community.
TL;DR: You are a lazy fuck who doesn't want to learn.
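As an added example (not the forum author's code, and not the kernel's), here is a small Python model of the per-rule counter used by iptables' `-m statistic --mode nth`, run over the 10 connections from the load-balancing example above; it shows why the working idiom is "every 3, then every 2, then catch-all", and what happens with `--packet 0/1/2` on three otherwise identical rules. The backend names S1/S2/S3 and the "frontend" fall-through label are my own labels.

```python
from dataclasses import dataclass, field


@dataclass
class NthRule:
    """One `-m statistic --mode nth --every N --packet P -j DNAT` rule (model of
    net/netfilter/xt_statistic.c): the counter starts at --packet, userspace stores
    --every minus one, and the rule matches on the packet that wraps the counter
    back to zero. Each rule keeps its own private counter; nothing is shared."""
    every: int            # --every as typed on the command line
    packet: int = 0       # --packet, the initial counter value
    target: str = "S?"    # backend chosen by -j DNAT (constructed names)
    count: int = field(init=False)

    def __post_init__(self):
        self.kernel_every = self.every - 1   # libxt_statistic.c stores every - 1
        self.count = self.packet

    def matches(self) -> bool:
        if self.count == self.kernel_every:
            self.count = 0
            return True
        self.count += 1
        return False

def run_chain(rules, n_packets, fallthrough="frontend"):
    """Walk n new connections through the PREROUTING rules in order. The first
    matching rule picks the backend; with no match the packet falls off the end
    of the chain (no DNAT, so it lands on the frontend itself)."""
    picks = []
    for _ in range(n_packets):
        for rule in rules:
            if rule.matches():
                picks.append(rule.target)
                break
        else:
            picks.append(fallthrough)
    return picks

def chained_round_robin(n=10):
    """Working idiom: 1 in 3 to S1, 1 in 2 of the remainder to S2, the rest to S3
    (--every 1 always matches, i.e. it behaves like a plain catch-all DNAT)."""
    return run_chain([NthRule(3, 0, "S1"), NthRule(2, 0, "S2"), NthRule(1, 0, "S3")], n)

def naive_round_robin(n=10):
    """--every 3 with --packet 0/1/2 on all three rules: later rules only see the
    packets earlier ones skipped, so the split is uneven and some never redirect."""
    return run_chain([NthRule(3, 0, "S1"), NthRule(3, 1, "S2"), NthRule(3, 2, "S3")], n)
```

With 10 connections the chained version yields S3, S2, S1, S3, S2, S1, ... (4/3/3), while the naive version sends three of them nowhere.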


