Crim, posted May 6, 2011

Hello! I am planning to programmatically IP ban (Windows Firewall inbound rule via netsh) all players who get banned from the game server running on my root because so far quite a few people got angry and attacked it (mainly simple DoS attacks). Can this lead to performance problems in the long run? Have you ever blocked out a thousand remote IP addresses (not a range)? Thanks in advance!
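The programmatic ban described in the post above, sketched as an added example that is not part of the original thread: it validates and de-duplicates the ban list, refuses addresses that must never be blocked, and builds `netsh advfirewall firewall` block rules that hold many addresses each instead of one rule per IP. The rule name prefix, the chunk size, the `never_block` list and the sample addresses are assumptions.

```python
import ipaddress

RULE_PREFIX = "GameBan"  # hypothetical rule name prefix
CHUNK = 200              # assumed addresses per rule, not a documented limit
# Constructed sample input: documentation ranges plus deliberately bad entries.
SAMPLE = ["203.0.113.7", " 203.0.113.7 ", "198.51.100.20", "127.0.0.1",
          "10.0.0.5", "not-an-ip", "2001:db8::1"]

def normalize(raw_ips, never_block=()):
    """Return (sorted unique addresses to ban, [(raw, reason)] rejected)."""
    protected = [ipaddress.ip_network(n) for n in never_block]
    keep, rejected = set(), []
    for raw in raw_ips:
        try:
            ip = ipaddress.ip_address(raw.strip())
        except ValueError:
            rejected.append((raw, "not an IP address"))
            continue
        if ip.is_loopback or ip.is_unspecified or ip.is_multicast or ip.is_link_local:
            rejected.append((raw, "special-purpose address"))
        elif any(ip in net for net in protected):
            rejected.append((raw, "on the never-block list"))  # avoid locking yourself out
        else:
            keep.add(ip)
    return sorted(keep, key=lambda ip: (ip.version, int(ip))), rejected

def netsh_commands(ips, chunk=CHUNK):
    """Build argument lists for netsh; nothing is executed here."""
    cmds = []
    base = ["netsh", "advfirewall", "firewall"]
    for n, start in enumerate(range(0, len(ips), chunk), 1):
        name = f"name={RULE_PREFIX}-{n:03d}"
        remote = ",".join(str(ip) for ip in ips[start:start + chunk])
        # Delete then re-add so a rerun replaces the rule instead of duplicating it;
        # the delete fails harmlessly when the rule does not exist yet.
        cmds.append(base + ["delete", "rule", name])
        cmds.append(base + ["add", "rule", name, "dir=in", "action=block",
                            f"remoteip={remote}"])
    return cmds

if __name__ == "__main__":
    ips, rejected = normalize(SAMPLE, never_block=["10.0.0.0/8"])
    for cmd in netsh_commands(ips, chunk=2):
        print(" ".join(cmd))
    for raw, why in rejected:
        print(f"skipped {raw!r}: {why}")
```

Pass each argument list to `subprocess.run` from an elevated process on the server; keeping the addresses as separate list items avoids building a shell command string from player-supplied data.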
ICTCity, posted May 7, 2011

Hi there, You can ban IPs with any trouble regarding performance... Just remember that usually users' IPs change dynamically every few hours or days or simply by reconnecting to the ISP.

--------------------------------------------------------
You can also write in French. You can also write in German. You can also write in Italian.
--------------------------------------------------------

Crim (author), posted May 7, 2011

Thank you! I realize that this countermeasure is pretty useless when it comes to serious DoS/DDoS attacks but for kids who are angry because they just got banned from the game server it should be enough in most cases. Do you know if an IP banned user can still take down my server by flooding it with more than 100 Mbit/s (its bandwidth)?

ICTCity, posted May 7, 2011

Once the IP is banned, you can't do anything. But actually you can reach the router, if you can activate a DoS protection (if applicable) or blacklist the IP on the router!

Crim (author), posted May 7, 2011

ICTCity wrote: "once the IP is banned, you can't do anything."

That sounds great but the firewall still has to stop the packet flood by filtering out all packets that come from banned IPs, right? Doesn't that cause the server to slow down or crash when the attacker's bandwidth is higher than mine?

ICTCity wrote: "But actually you can reach the router, if you can activate a dos protection (if applicable) or blacklist IP on router!"

That would probably be the best solution but as far as I know only my ISP can do that. There is a DoS protection installed on the game server which works fine but I would like to improve the security further. Thank you for your help!

ICTCity, posted May 7, 2011

DoS is the most effective attack. Of course blocking and checking an IP is hard work for your server, but you have no choice. You can substitute your software firewall with a hardware appliance but they are quite expensive. Creating a defense against a DoS attack is an expensive process.

Crim (author), posted May 7, 2011

So basically IP banned attackers can still heavily slow down my server even without changing/faking their IPs unless I have much more bandwidth than them or a fancy hardware firewall? :o

ICTCity, posted May 7, 2011

Crim wrote: "So basically IP banned attackers can still heavily slow down my server even without changing/faking their IPs unless I have much more bandwidth than them or a fancy hardware firewall? :o"

Well, you can be a bit safer by blocking the IP. What I want to say is that you don't have to be so sure that DoS is blocked... It's just a bit harder than before :)