DDoS protection

I was wondering if something like this built as a plugin (more likely) or built into a forge mod (most likely) would be possible. I have not dealt with major DDoS issues so I do not know the nature of them but do you think it would be possible to have an effective anti-DDoS mod? Many servers, especially the larger ones, get hit often and this would be a nice feature to have. You would have to do some serious packet analyzing afaik.

That’s not a job for Sponge, that’s an OS feature.

Everyone above me in this thread is wrong!

Software (neither Sponge nor the OS) cannot do much against a true DDOS; it’s something that needs to be done on a network level - AKA by the datacenter (or by having an additional layer above your server’s IP).

There are some software DDOS protection solutions, but if the server isn’t receiving packets, you cannot expect software to scrub them properly.

5 Likes

You would need software at a higher level than Sponge to detect DDoS attacks.

Beating a dead horse a bit, but handling DDoS packets wouldn’t do much for Sponge. It could just dispose of the packets at best, but proper DDoS attacks are designed to occupy ports on the host machine, which is done outside the Minecraft server software. There may be another sort of DDoS that concerns itself with sending connect packets to the server, but I’m not familiar with that.

1 Like

Just going to say that I was asking, not trying to state anything… I was just asking if it was a possibility, as there are some software DDoS solutions out there. It seems, though, that there would be no benefit for Sponge to have software-level protection. Thanks for the responses, I have never really had to deal with DDoS attacks and I was just curious.

In what way am I wrong in saying that DDOS protection is on an OS level? That’s level 3/4 on OSI if I remember correctly.

If you need DDoS protection, go with a service provider who provides native DDoS mitigation at their network level for best results on your game server.

Alternatively, find a host that has DDoS protection through a third-party provider. Heck, most do nowadays.

No, that’s not true at all. Some server hosts (including OVH and PhoenixNAP Secured Servers) offer free DDOS mitigation, but a lot of hosts will actually end your service when they’re experiencing DDOS attacks. Most of the time the user himself is responsible for any DDOS attacks that could be received. If they’re experiencing high-volume attacks, they’ll need to contact a professional mitigation company like Black Lotus or Intreppid.

If you’re sending a ton of water through a tiny pipe, nothing at the end of the pipe will fix your problem.

13 Likes

One thing to factor in is that DDoS does not consist of just one type of attack; it varies greatly. ICMP ping floods and SYN flooding are things that can’t be controlled at the Sponge/server level. However, detecting someone sending hundreds or thousands of MC query/join/ping packets (which would appear legitimate to a firewall because you are hosting a Minecraft server after all) could be tracked at the server level, but blocking the user at the server alone wouldn’t be enough; the server would have to be able to tell a firewall to drop all incoming packets from that host. However, this only frees up the server from having to waste resources responding to these bogus packets, and it would remove only a small portion of the bandwidth that is being consumed by the DDoS as a whole. sk89q’s comment was a perfect analogy: you can try and add more, but if you’re already at the point where the pipe is too full to accept any more, there’s not much that can be done, especially when that traffic looks legitimate to begin with.

Any software-side DDoS protection would be next to useless. A Sponge Plugin would be just as useless.

All real DDoS mitigation is done via hardware for good reason.

genius xD hahah

Nothing wrong with watching packets to detect the difference between spam and legit, but calling this DDoS protection wouldn’t be correct.

I still don’t feel like it’d be very effective at all, probably not enough to be worth implementing. It would seemingly only target packets that would be targeting the Minecraft server, although the server can just turn down various packets from other types of DDoS attacks. Guess I’m beating a dead horse though.

It’s true that some filtering at the end point will help in certain cases and in small volumes, but if you need proper DDoS protection, then you will have already handled that elsewhere.

It might help if you pissed off your ex and s/he found some random flood program to perform a DoS, but at that point, any effort on our part to implement effective filtering would likely outweigh the benefit.

1 Like

It is currently impossible to detect and stop DDoS attacks with a mod like Sponge or any other plugin running on Sponge/Forge. My apologies.

~ xxmarijnw

People on here don’t appear very knowledgeable when it comes to the topic of networking and DDoS. If you are being hit with SYN or ICMP: 1. The guy attacking you is an idiot, and 2. Using an IP table you can simply mitigate the attack. More experienced users would use the most effective 4 layer attack, the DRDoS-DNS, because when it is applied to port 80, nothing can stop it (except good mitigation) because it doesn’t allow any traffic in or out. Also, kids bragging about how they are going to hit down your server with a 7 layer DDoS attack are idiots also, because 7 layer attacks are used to overload web servers, essentially by opening a million web tabs. And since Minecraft isn’t a website, good freaking luck.

1 Like

It’d take more than one Sponge to soak all of that up.

2 Likes

A layer 7 attack would be attacking the application by sending packets crafted for the application specifically, in the case of Minecraft sending thousands of Minecraft ping/query packets or join packets. So a layer 7 attack is doable. The issue with blocking using iptables or pf is that it only prevents the traffic from reaching the application; it still consumes bandwidth (albeit a bit less because the server isn’t replying back now). Which is what I assume billytheDOLPHIN means when he says “mitigate the attack”. All in all, the only way to prevent a DDoS from taking you down is to have more bandwidth than the attack can saturate. Meaning if you have a home-based server, don’t advertise yourself and make yourself vulnerable to attack; if you have a commercial hosted solution, then just hope the attacker doesn’t have a zombie network with more bandwidth than you. Commercial solutions sometimes do offer automated DDoS protection, which basically just detects the attack and then blocks the addresses the attack is coming from, reducing the bandwidth consumed, but not stopping the attack entirely.
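
The per-source tracking discussed in the posts above (counting Minecraft ping/query/join packets per host, then telling a firewall to drop that host), as an added example that is not part of the original thread or of Sponge's code. The event tuple format, the window and threshold values, the function names and the sample addresses are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict, deque

WINDOW_MS = 10_000   # assumed sliding window length
LIMIT = 20           # assumed max ping/query/join events per source per window

def find_flooders(events, window_ms=WINDOW_MS, limit=LIMIT):
    """events: time-sorted (timestamp_ms, source_ip, kind) tuples.
    Returns {source_ip: timestamp_ms at which it first exceeded the limit}."""
    recent = defaultdict(deque)
    flagged = {}
    for ts, ip, kind in events:
        if kind not in ("ping", "query", "join"):
            continue
        seen = recent[ip]
        seen.append(ts)
        while seen[0] <= ts - window_ms:   # expire events outside the window
            seen.popleft()
        if len(seen) > limit:
            flagged.setdefault(ip, ts)     # keep the first time it tripped
    return flagged

def block_rules(flagged):
    """Build iptables DROP rules (returned as strings, not executed).
    Dropped packets still use inbound bandwidth; this only spares the
    server the work of parsing and answering them."""
    rules = []
    for ip in sorted(flagged):
        addr = ipaddress.IPv4Address(ip)   # raises ValueError on non-IPv4 input
        rules.append(f"iptables -I INPUT -s {addr} -j DROP")
    return rules

def sample_events():
    """Constructed input: one source pinging 5 times/s, five ordinary players."""
    events = [(i * 200, "203.0.113.7", "ping") for i in range(50)]
    for n in range(1, 6):
        events.append((n * 2000, f"198.51.100.{n}", "join"))
        events.append((n * 2000 + 1000, f"198.51.100.{n}", "ping"))
    return sorted(events)

if __name__ == "__main__":
    for rule in block_rules(find_flooders(sample_events())):
        print(rule)
```

A per-source counter like this only catches the case where a few hosts send many requests; traffic spread thinly over a large number of sources stays under any per-host threshold.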