stop the ddos somehow

[Super Aggro Crag]

i wanna play

[oranges]

pay up https://www.reliablesite.net/ddos-protection/

[D&B]

When you code it

[Yakumo_Chen]

Pick the free one?

[oranges]

Pick the free one?

the free tier we are using is being swamped by the DDOS

[terranaut]

Pick the free one?

the free tier we are using is being swamped by the DDOS

just pick it 5 times and stack it lol

[Cobby]

When you code it

[Retardedgrayshit]

hjkghjkghjkghjkghjk

[oranges]

this, this is salt

[Super Aggro Crag]

Hey Dan Gar here just wanted to say i hope your shitty server gets ddosed until the end of time

More like dan gay

[peoplearestrange]

Hey Dan Gar here just wanted to say i hope your shitty server gets ddosed until the end of time

Is this more salt than the time someone printed out a pic of anon and literally shit on it? It's certainly on a par. Either way they both need you to handle your own poop to clean up.

[PKPenguin321]

Hey Dan Gar here just wanted to say i hope your shitty server gets ddosed until the end of time

Is this more salt than the time someone printed out a pic of anon and literally shit on it? It's certainly on a par. Either way they both need you to handle your own poop to clean up.

It's bait

[MisterPerson]

Hey Dan Gar here just wanted to say i hope your shitty server gets ddosed until the end of time

More like dan gay

Woah calm down there Crag, your cunning wit's gonna kill someone.

[carshalash]

Hey Dan Gar here just wanted to say i hope your shitty server gets ddosed until the end of time

Aren't you that guy that would hound admins every round for free antag?

[Plapatin]

snip

Is this more salt than the time someone printed out a pic of anon and literally shit on it? It's certainly on a par. Either way they both need you to handle your own poop to clean up.

holy shit its been a while i thought you died

[Electronics]

Can we not get whatever ISP we have to block the sources of the ddos?

[Qbmax32]

We believe it’s a bot net

[Super Aggro Crag]

get the ion rifle then dip STICK

[Super Aggro Crag]

Just flip off the "Allow DDoS" switch smh MSO is so lazy

Well it is weedsmas

[ABearInTheWoods]

The source address of an Internet Protocol packet is spoofable. The only protection against this is the fact that establishing a connection requires a 3 way handshake and if you spoof the source address you don't get the 2nd packet so you can't properly respond with the final 3rd packet.

What we are getting is a massive flood of spoofed packets to the tune of 1 to 5 million packets a second, depending on what they can afford at that time.

The source address of these packets is spoofed, during a 10,000 packet sample taken during one of the ddos's, there were 9946 unique source ip addresses.

[D&B]

Dumb pindosi

[peoplearestrange]

The source address of an Internet Protocol packet is spoofable. The only protection against this is the fact that establishing a connection requires a 3 way handshake and if you spoof the source address you don't get the 2nd packet so you can't properly respond with the final 3rd packet.

What we are getting is a massive flood of spoofed packets to the tune of 1 to 5 million packets a second, depending on what they can afford at that time.

The source address of these packets is spoofed, during a 10,000 packet sample taken during one of the ddos's, there were 9946 unique source ip addresses.

Its kinda amazing (read:sad) that someone is spending their (or their parents) hard earned cash to make a game server suffer for awhile. Because thats all it is, an annoying inconvience. Eventually they will get bored, run out of money, or we'll find away to stop it.

They think they are self rightous, we think they'll be forgotten.

holy shit its been a while i thought you died

Na im still alive, just been doing other stuff non SS13, though like us all, we come back eventually.

[FuttBucker]

The source address of an Internet Protocol packet is spoofable. The only protection against this is the fact that establishing a connection requires a 3 way handshake and if you spoof the source address you don't get the 2nd packet so you can't properly respond with the final 3rd packet.

What we are getting is a massive flood of spoofed packets to the tune of 1 to 5 million packets a second, depending on what they can afford at that time.

The source address of these packets is spoofed, during a 10,000 packet sample taken during one of the ddos's, there were 9946 unique source ip addresses.

Its kinda amazing (read:sad) that someone is spending their (or their parents) hard earned cash to make a game server suffer for awhile. Because thats all it is, an annoying inconvience. Eventually they will get bored, run out of money, or we'll find away to stop it.

They think they are self rightous, we think they'll be forgotten.

holy shit its been a while i thought you died

Na im still alive, just been doing other stuff non SS13, though like us all, we come back eventually.

https://en.wikipedia.org/wiki/Hanlon%27s_razor
"Never attribute to malice that which can be easily explained by human stupidity."

They're not DDoS-ing the hosts in some effort to cause a massive problem for hundreds of people or to somehow gain an upper hand.
They're doing it because "it's funny."
It's like choosing to play an assistant because you want to play Antag, but when you don't get antag you decide to "do dumb fun things" as an assistant which ends up pissing off half the station.

on a related topic, Reverse proxies are an absolutely wonderful way to help mitigate DDoS attacks; has any consideration been given to standing up an nginx reverse proxy for the purposes of DDoS mitigation? or would the BYOND engine have an aneurysm over the concept?

[ABearInTheWoods]

A network of reverse tcp proxies was an idea we discussed to stop the attacks, we can even do validation by just putting a stub byond world that whitelists the ip and redirects to the whitelisted port. The hard part is cost of the other nodes. You can kinda abuse vpses and the fact they all come with some amount of bandwidth at a cheaper cost than buying it directly, subsidised by the fact that most of the clients don't use much of their allotment, but mis-plan the capacity and you're looking at some costly invoices.

Let's say you get 13 amazon lightsail instances at $3.5 a month each $45.5 total, one for each aws region, thats 13tb a month of included bandwidth usage.

This month so far, /tg/ has used 37037.29 GB of bandwidth, most of that from the ddos, and it's only the 23rd.

At 0.09 USD/GB for bandwidth overages, that would be $2,135.28 in overages.

Upgrade the nodes, get the 2TB for $5 a month, and now you have 26TB of capacity for $65 total a month. Thats still not 37TB of capacity.

$937.20 overage fee

It doesn't make sense to scale the nodes up at this point, 10 bucks only gets you 3TB, its cheaper scale them out. 7 more $5 nodes in the 7 popular regions for a total of $100 a month for 40TB of capacity,

This is also the max amount of lightsail nodes you can have in one aws account, before they force you to use ec2 instances that have no included bandwidth. There are other providers with about the same pricing, just not one with nodes in all the same regions as aws, and doesn't tie in as nicely to route 53's latency based domain records to do the actual geoip routing.

Still, thats $100/month to (hopefully) cover the ddos, and given current usage, and the fact the ddos hasn't been happening all month, it would very likely still break past 40TB in one month.

Thats not to say building this system wouldn't have other benefits. Overall ping would drop because the routes would be better than home isp routes.

Even now, pinging my personal ip from the server, and pinging the server from my computer, show two different routes, and a ping drop from 60ms to 45ms, and i'm only two states away from the server. Data Centers generally optimize for better routes. Home isps instead keep the traffic in network for longer, bouncing from connected region to connected region, optimizing for the cheaper route when it finally leaves their network.

Hit 420 on the patreon (or hell, hit 365) and I'll be able to do it. It's not like I can't turn off the nodes if it looks like its about to go over.