ddos & whitelist user ip


ddos & whitelist user ip

by kardale » Mon Jul 13, 2015 12:14 am

Some thoughts about DDoS mitigation. As a user I would be happy to take on inconvenience to make it easier for Nostalrius to fend off DDoS attacks. For example, if the Nostalrius setup allows for packets to be IP-address filtered far upstream, I would gladly use a portal to whitelist my source IP. The whitelist could filter upstream of both realm and login servers. Of course the portal is a point under attack. There may be off-the-shelf portal choices the dev team can use with less effort. Heck, even if the choice was a commercially fortified email provider (to which users email their IP for whitelisting), I'd use that too. Just some thoughts. Thanks Nostal devs for all you've done!
kardale
Tester

Re: ddos & whitelist user ip

by Zoey_Urbina » Mon Jul 13, 2015 6:50 am

In before they catch a packet whose IP has been whitelisted. Doesn't take much effort to spoof their packets to essentially then bypass much if not all of their DDoS mitigation, so no thank you.

P.S: No one here can be sure that it's a DDOS since there's not been an official statement from Nostalrius.
Zoey_Urbina
Sergeant Major

Re: ddos & whitelist user ip

by St0rfan » Tue Jul 14, 2015 9:34 am

kardale wrote:Some thoughts about DDoS mitigation. As a user I would be happy to take on inconvenience to make it easier for Nostalrius to fend off DDoS attacks. For example, if the Nostalrius setup allows for packets to be IP-address filtered far upstream, I would gladly use a portal to whitelist my source IP. The whitelist could filter upstream of both realm and login servers. Of course the portal is a point under attack. There may be off-the-shelf portal choices the dev team can use with less effort. Heck, even if the choice was a commercially fortified email provider (to which users email their IP for whitelisting), I'd use that too. Just some thoughts. Thanks Nostal devs for all you've done!


The question is how this would affect people whose ISPs provide addresses via DHCP, not to mention people who live in multiple locations or travel a lot, playing from a laptop. Personally I probably connect from 10-15 different IPs in a month.
St0rfan
Stone Guard

Re: ddos & whitelist user ip

by r00ty » Tue Jul 14, 2015 11:51 am

Zoey_Urbina wrote:In before they catch a packet whose IP has been whitelisted. Doesn't take much effort to spoof their packets to essentially then bypass much if not all of their DDoS mitigation, so no thank you.

P.S: No one here can be sure that it's a DDOS since there's not been an official statement from Nostalrius.
For spoofing IPs you're usually limited to ICMP/UDP/SYN floods though. I do wish ISPs would tighten their border security to prevent this.

For a DDoS maintaining a full TCP connection, it kills address spoofing dead, since the sequence number cannot be guessed reasonably and as such the rest of the connection beyond SYN never completes.

There seems to be a predisposition to assume anything unusual is a DDoS these days.
Casual and proud.
r00ty
Sergeant
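The point r00ty makes above (and the reason Zoey_Urbina's spoofing objection only holds for stateless floods) can be shown with a small simulation. This is an added example, not code from the thread or from the Nostalrius project: a toy listener picks a random 32-bit initial sequence number (ISN) for each SYN and only completes the handshake when the ACK echoes ISN+1; a host that writes somebody else's address into its SYN never receives the SYN-ACK, so the hypothetical `handshake` helper below has it guess, and the spoofed attempt is left as a half-open entry rather than an established connection. All IP addresses and ports are constructed sample values.

```python
import secrets

MOD = 2 ** 32


class Server:
    """Minimal TCP listener: tracks half-open (SYN seen) and established connections."""

    def __init__(self):
        self.half_open = {}       # (src_ip, src_port) -> server ISN sent in the SYN-ACK
        self.established = set()

    def on_syn(self, src_ip, src_port):
        isn = secrets.randbits(32)                 # random ISN, as real stacks use
        self.half_open[(src_ip, src_port)] = isn
        return isn                                  # carried back to src_ip in the SYN-ACK

    def on_ack(self, src_ip, src_port, ack_num):
        isn = self.half_open.get((src_ip, src_port))
        if isn is None or ack_num != (isn + 1) % MOD:
            return False                            # wrong ISN: the handshake never completes
        del self.half_open[(src_ip, src_port)]
        self.established.add((src_ip, src_port))
        return True


class Network:
    """Routes each SYN-ACK to the host that owns the source address written in the SYN."""

    def __init__(self, host_ips):
        self.inbox = {ip: [] for ip in host_ips}

    def deliver_syn_ack(self, dst_ip, isn):
        if dst_ip in self.inbox:                    # an address nobody here owns: SYN-ACK is lost
            self.inbox[dst_ip].append(isn)


def handshake(server, net, real_ip, claimed_ip, port):
    """Host at real_ip sends a SYN whose source address is claimed_ip.
    Returns True only if the three-way handshake completes."""
    isn = server.on_syn(claimed_ip, port)
    net.deliver_syn_ack(claimed_ip, isn)
    seen = net.inbox.get(real_ip, [])
    if seen:                                        # sender really owns claimed_ip: it saw the ISN
        return server.on_ack(claimed_ip, port, (seen.pop() + 1) % MOD)
    guess = secrets.randbits(32)                    # spoofer never saw the SYN-ACK: a 1-in-2^32 shot
    return server.on_ack(claimed_ip, port, (guess + 1) % MOD)
```

The spoofed SYN still costs the listener a half-open entry, which is exactly the SYN-flood residue an upstream filter could drop on source address; a whitelist does nothing against a full-connection flood, but such a flood cannot hide its real source either.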

Re: ddos & whitelist user ip

by St0rfan » Tue Jul 14, 2015 11:56 am

r00ty wrote:
Zoey_Urbina wrote:In before they catch a packet whose IP has been whitelisted. Doesn't take much effort to spoof their packets to essentially then bypass much if not all of their DDoS mitigation, so no thank you.

P.S: No one here can be sure that it's a DDOS since there's not been an official statement from Nostalrius.
For spoofing IPs you're usually limited to ICMP/UDP/SYN floods though. I do wish ISPs would tighten their border security to prevent this.

For a DDoS maintaining a full TCP connection, it kills address spoofing dead, since the sequence number cannot be guessed reasonably and as such the rest of the connection beyond SYN never completes.

There seems to be a predisposition to assume anything unusual is a DDoS these days.


Agreed. The lag we are experiencing could be the simple fact that the server got a population about 4-5 times as great as the retail vanilla-servers were originally intended for. The fact that a private server is running with 12k population is simply mind-boggling.
St0rfan
Stone Guard

Re: ddos & whitelist user ip

by Talryx » Tue Jul 14, 2015 12:00 pm

First, I have never seen 12k; it's usually in the neighborhood of 4-6k when I'm on. The lag usually starts to get bad as it approaches 7k, and when it has been problematic the last few days the population has not been that high, so clearly that's not the issue.

To reiterate, the recent issues have been occurring when population is lower than the levels where lag becomes a big issue.
Talryx
Senior Sergeant

Re: ddos & whitelist user ip

by St0rfan » Tue Jul 14, 2015 12:04 pm

Talryx wrote:First, I have never seen 12k; it's usually in the neighborhood of 4-6k when I'm on. The lag usually starts to get bad as it approaches 7k, and when it has been problematic the last few days the population has not been that high, so clearly that's not the issue.

To reiterate, the recent issues have been occurring when population is lower than the levels where lag becomes a big issue.


The /who-list only shows characters of your side, and the A/H ratio is almost 50/50, meaning 6k players x2 to get the actual number.
St0rfan
Stone Guard

Re: ddos & whitelist user ip

by r00ty » Tue Jul 14, 2015 12:49 pm

St0rfan wrote:The /who-list only shows characters of your side, and the A/H ratio is almost 50/50, meaning 6k players x2 to get the actual number.
On retail it works that way, but on most p-servers it tends to be the case that it refers to the total.

St0rfan wrote:Agreed. The lag we are experiencing could be the simple fact that the server got a population about 4-5 times as great as the retail vanilla-servers were originally intended for. The fact that a private server is running with 12k population is simply mind-boggling.
Well, more so when you consider that on retail they have (and always have had) separated servers, for example one for each continent, maybe one for cities, and separate servers for instances/BGs.

Nost runs all these things on one server (to my knowledge at least), and this is

1: quite spectacular, even considering the relative power of modern hardware
2: going to cause problems with this kind of population whatever you do to mitigate.
Casual and proud.
r00ty
Sergeant

Re: ddos & whitelist user ip

by St0rfan » Tue Jul 14, 2015 1:18 pm

r00ty wrote:
St0rfan wrote:The /who-list only shows characters of your side, and the A/H ratio is almost 50/50, meaning 6k players x2 to get the actual number.
On retail it works that way, but on most p-servers it tends to be the case that it refers to the total.

St0rfan wrote:Agreed. The lag we are experiencing could be the simple fact that the server got a population about 4-5 times as great as the retail vanilla-servers were originally intended for. The fact that a private server is running with 12k population is simply mind-boggling.
Well, more so when you consider that on retail they have (and always have had) separated servers, for example one for each continent, maybe one for cities, and separate servers for instances/BGs.

Nost runs all these things on one server (to my knowledge at least), and this is

1: quite spectacular, even considering the relative power of modern hardware
2: going to cause problems with this kind of population whatever you do to mitigate.


From a personal POV I would love to know the hardware they are running this on. The Feenix guys had some pretty massive hardware and they managed 1-2k players before the server went to its knees. Nost admin must have some pretty insane stuff.
St0rfan
Stone Guard

Re: ddos & whitelist user ip

by Talryx » Tue Jul 14, 2015 6:20 pm

St0rfan wrote:The /who-list only shows characters of your side, and the A/H ratio is almost 50/50, meaning 6k players x2 to get the actual number.


LMFAO no dude this isn't Kronos. /who = total players.
Talryx
Senior Sergeant