Game Server DDoS (Steam / UE4)

I run a dedicated server for Mordhau, an Unreal Engine 4 game (https://store.steampowered.com/app/629760/MORDHAU/).

Over the last two months our server has been the target of an ongoing DDoS attack which causes the server to drop all clients.

I recently migrated the server from a self-hosted Unraid box on a gigabit connection to Linode in the hopes that Linode's anti-DDoS offering would help mitigate the attack in some way.

The attacks are sporadic and only happen when the server is populated, so we know the attacker is actively monitoring the server, or using Steam APIs to query the server for player numbers.

Our server uses 1.5mbps down and 5-10mbps up on average, however when the attacks take place we spike from 106Mb/s - 500Mb/s+.

https://i.imgur.com/oWc3tuE.png
https://i.imgur.com/xRLFScK.png

After recording a Wireshark dump we had the attack analyzed and concluded it was indeed a DDoS attack, with the vast majority of incoming IPs originating from the US and Russia. Since our server is hosted in Australia, our hope was that we'd be able to drop packets originating from countries outside of our own.

I contacted Linode support and asked if there was anything that could be done to help mitigate this attack by dropping inbound packets or increasing the anti-DDoS threshold/trigger; however, Linode responded with the following:

"Our Anti-DDoS protection is applied at the edge of our network and we don't have the level of granularity to make that adjustment."

They then suggested I reach out to the Linode community for input.

Can anyone comment on possible mitigation techniques? We've already resorted to VPNs for IP obfuscation but the Steam API broadcasts the IP publicly. Changing the server IP only gives us 1-2 days of respite before the attacks pick up again.
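The country filter the original poster hoped for can be approximated on the server itself with an nftables allow-list. The script below is an added example, not part of the original post or any reply; the UDP ports, the `gamefilter` table name and the sample CIDRs are placeholders, and the real allow-list (for example, a list of Australian prefixes) has to come from a source you trust.

```shell
GAME_UDP_PORTS="7777, 15000, 27015"   # placeholder: set to your server's UDP ports

# valid_cidr STR: succeed only for a well-formed IPv4 CIDR (a.b.c.d/len).
valid_cidr() {
    addr=${1%/*}; len=${1#*/}
    [ "$addr" != "$1" ] || return 1                   # no "/" present
    case $addr in ''|*[!0-9.]*|*.) return 1 ;; esac   # bad chars, trailing dot
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs   # split into octets
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
}

# build_ruleset: read CIDRs (one per line, "#" comments allowed) on stdin and
# print an nftables ruleset that drops game-port UDP from every other source.
build_ruleset() {
    elements=""
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        [ -n "$line" ] || continue
        if valid_cidr "$line"; then
            elements="${elements:+$elements, }$line"
        else
            echo "skipping invalid entry: $line" >&2
        fi
    done
    # An empty allow-list would lock out every player, so refuse to emit it.
    [ -n "$elements" ] || { echo "no valid CIDRs given" >&2; return 1; }
    cat <<EOF
table inet gamefilter {
    set allowed_v4 {
        type ipv4_addr
        flags interval
        auto-merge
        elements = { $elements }
    }
    chain input {
        type filter hook input priority -10; policy accept;
        ip saddr != @allowed_v4 udp dport { $GAME_UDP_PORTS } counter drop
    }
}
EOF
}

# Constructed sample (documentation ranges, not real country data); apply with:
#   build_ruleset < allowlist.txt | nft -f -
printf '203.0.113.0/24 # ok\n198.51.100.0/25\nnot-a-cidr\n10.0.0.300/8\n' | build_ruleset
```

A host-level filter like this only helps while the flood still fits through the upstream link, and it drops everything else outside the list that reaches those ports. Watch the rule's `counter` values with `nft list ruleset` to see how much traffic it is actually discarding.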

3 Replies

Hello!

As a Linode Support team member, my answer here is most likely going to fall in line with the response we've already given you. I wanted to do that for the purpose of giving that information to any others who might come across this post.

That said, what I want to do is give this post as much visibility as I can for you, so that other members of the Linode Community will be able to see it and respond with their suggestions for you. To do that, I've added some additional tags to it.

We do provide a level of DDoS protection, which is described in more detail here:

DDoS Protection

That is designed to protect your servers from large volume traffic that might be harmful. Some of the smaller-level attacks might still get through, so we recommend adding an additional layer of protection. We have another post here on the site that gives some resources you can look into:

Suggestions of DDoS protection service provider

I want to open this up for discussion to see what other members of the Community can suggest.

I've been asking around to get input on the matter and someone suggested that we sign up with OVH (Linode competitor), however only to use their server as a GRE tunnel to Linode.

I have no intention of leaving Linode as the price and performance is very competitive, however as I mentioned above, the idea is to use OVH and their supposedly superior anti-DDoS and UDP packet flooding mitigation as a GRE tunnel to Linode.

https://www.lowendtalk.com/discussion/156850/howto-tunnel-ddos-protected-ovh-ip-to-vms-in-other-datacenter

I'm investigating this option; however, it would increase hosting costs considerably and is something I'd like to avoid considering I pay for Linode out of my own pocket.

Why not just use OVH alone then, to avoid renting 2 servers? Also did you have any luck?