Homemade router vs DDoS


Uyurgezer

Hi,

I have been attacked a few times by DDoS attacks just because I sponsor some guilds and clans with a TeamSpeak server.

My current router has "Denial-of-service (DoS) attack prevention". Well this is good on paper but when a DNS DDoS attack comes as it has done, my router gets a little slow. The attacks won't kill my connection, but it more or less gets unusable.

The router has a 680 MHz processor with 16 MB flash and 128 MB RAM.

(Netgear WNDR3800 - N600 Wireless Dual Band Gigabit Router—Premium edition)

Would a homemade router stand better against these kinds of attacks or is there a way to make the current one better against it?

If a homemade router would be better, what OS / firewall should be used? I know Smoothwall has gotten a lot of good things said about it, and I know Darren has used this in one segment (back in 2010, I think). Would that still be one of the better free versions that is easy to handle, or has something new come up?

Sincerely,

Sleepwalker/Uyurgezer


If your router is maxing out its available resources, a homemade router or a higher-spec one may be beneficial; however, in a DoS situation you will probably be limited by the amount of available bandwidth. I currently use Untangle on an old PC as a firewall and router. I would try flashing OpenWrt to the router, if it supports it, and looking at its resource use whilst under a DoS attack, and throwing a couple of NICs into an old PC and using Untangle or Smoothwall etc., as, if you are not bandwidth limited, a custom router would stand up better.


I'd agree, it is more likely that it is your bandwidth that is being maxed out rather than the resources on your router but improving the spec of your router won't hurt if you are being hit hard.


Thanks for the answers.

The feeling I have had is that the router is the thing that gives up.

I have a 200/200 Mbit connection and the attack has only been from one DNS source at the time. People on the TeamSpeak server can still talk to each other, but with robotic voice. This is why it feels like it's the router that can't withstand the attack.

I will be trying out a homemade router to see if it works better or if I need to check with any service that can hold a proxy or something that can take an attack.

Thanks for the help!


  • 2 weeks later...

You could test if it's the bandwidth or the router. If you're under attack, just run a quick speed test (like speedtest.net). If that shows low speeds (esp. upload), then it's your bandwidth and then there's not much you can do. Otherwise, if that's still high enough, then it could be the router.

P.S. Run a test before any attacks to have a base comparison.

I just put my own server online, and that got a pfSense firewall in front. It seems very decent and easy to set up.

Edited by GuardMoony
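Added example (not part of any post in this thread): a script for a Linux-based router such as OpenWrt that makes the "bandwidth or router?" check suggested above, and the earlier advice to watch resource use during an attack, measurable from two counter samples. The interface name passed in `WAN_IF`, the 90 % thresholds and the embedded sample counters are assumptions constructed for illustration; the 200 Mbit/s default comes from the connection described in the thread.

```shell
#!/bin/sh
# Is the router CPU or the WAN link the bottleneck? Compares two samples of
# Linux counters taken SECS apart. Thresholds and interface name are assumptions.

# cpu_pct MODE "<cpu line t0>" "<cpu line t1>"  (aggregate "cpu" line of /proc/stat)
# MODE=busy: all time except idle+iowait; MODE=softirq: mostly packet processing.
cpu_pct() {
    printf '%s\n%s\n' "$2" "$3" | awk -v mode="$1" '
        { tot = 0; for (i = 2; i <= 9 && i <= NF; i++) tot += $i  # user..steal
          val = (mode == "softirq") ? $8 : tot - $5 - $6 }
        NR == 1 { t0 = tot; v0 = val }
        NR == 2 { d = tot - t0
                  if (d <= 0) print 0; else printf "%d\n", 100 * (val - v0) / d }'
}

# rx_mbit RX_BYTES_T0 RX_BYTES_T1 SECONDS  (receive byte counter of the WAN interface)
rx_mbit() {
    awk -v a="$1" -v b="$2" -v s="$3" 'BEGIN { printf "%d\n", (b - a) * 8 / s / 1000000 }'
}

# classify BUSY_PCT RX_MBIT LINK_MBIT -> link | router | neither
# Link is checked first: a full pipe cannot be fixed by a faster router.
classify() {
    if [ "$2" -ge $(( $3 * 90 / 100 )) ]; then echo link
    elif [ "$1" -ge 90 ]; then echo router
    else echo neither; fi
}

SECS=10
if [ -n "${WAN_IF:-}" ]; then   # live: WAN_IF=<wan interface> LINK_MBIT=200 sh script
    rx() { sed -n "s/^ *$WAN_IF: *\([0-9][0-9]*\).*/\1/p" /proc/net/dev; }
    c0=$(grep '^cpu ' /proc/stat); r0=$(rx); sleep "$SECS"
    c1=$(grep '^cpu ' /proc/stat); r1=$(rx)
else                            # constructed sample counters, 10 s apart
    c0='cpu 1000 0 2000 90000 100 50 3000 0 0 0'; r0=5000000000
    c1='cpu 1010 0 2040 90030 100 70 3900 0 0 0'; r1=5075000000
fi
busy=$(cpu_pct busy "$c0" "$c1"); soft=$(cpu_pct softirq "$c0" "$c1")
mbit=$(rx_mbit "$r0" "$r1" "$SECS")
verdict=$(classify "$busy" "$mbit" "${LINK_MBIT:-200}")
echo "cpu busy ${busy}% (softirq ${soft}%), rx ${mbit} Mbit/s -> ${verdict}"
```

A high softirq share with inbound traffic well below the line rate points at the router's packet processing; inbound traffic near the line rate points at the link, which no router upgrade will fix.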

Depending on the magnitude of the DDoS attack, your bandwidth can get crippled very quickly. And as you stated in your post, "my router gets a little slow"; that could be one of the reasons why the players' voices are sounding like robots.

Also, one way to minimize the effects of the DDoS attack is using load balancer hardware. You could build your own with Untangle or pfSense; both support this feature.

But it requires an additional Internet connection to load balance the traffic.

Just a suggestion.

Edited by Infiltrator

Heh. Most of my clients won't even pony up for a second WAN connection, and some of them are townships/cities!

Well, I can understand that.

It would be pointless for an average home user to have a second WAN connection, unless you are offering some kind of cloud service that needs to have some kind of redundancy in place.

In addition, not many users will be able to afford the price of a second WAN connection.

Edited by Infiltrator