Solved [CSGO]&[L4D2]Besides 27015-27050, What ports/IPs are csgo/l4d2 server needed to run?


Achyan2000
Junior Member
Join Date: Apr 2020
Old 10-14-2020 , 03:56   [CSGO]&[L4D2]Besides 27015-27050, What ports/IPs are csgo/l4d2 server needed to run?

I created an L4D2 server two days ago since one of my friends wanted to play L4D2 with me. Before that, I was running a CSGO server, and the CSGO server is my main purpose. But a few hours ago my L4D2 server got DDoS attacked, and the server was shut down by the cloud server provider for 5 hours. I didn't realize that a normal, small, new L4D2 server could be attacked; my public CSGO server was fine for nearly half a year. So I'd like to know what the most basic requirements are for ports/IPs to open for these two games, besides ports like 27015. I want to close those I don't use.
-----------------------------------------------------------
I don't use MySQL;
I don't have any website or online apps on the cloud server;
I just want my server to show in the lobby and people to be able to join it;
and the steamcmd update function not to be affected;
also the Windows remote desktop function to be usable (or not, I don't really need to check my cloud server every day).
-----------------------------------------------------------
P.S. The data peak of the attack was near 20g. I've asked the server provider; the cheapest DDoS protection service they offer is almost 3500$ per month, so please don't recommend things like this, I can't afford it... I'm just a normal CSGO player and love to play against bots with my friends...
And if you guys have any other useful suggestions, please let me know. Thank you!


Last edited by Achyan2000; 10-14-2020 at 08:35.
DarkDeviL
SourceMod Moderator
Join Date: Apr 2012
Old 10-14-2020 , 05:33   Re: [CSGO]&[L4D2]Besides 27015-27050, What ports/IPs are csgo/l4d2 server needed to r

Firewalling your server won't prevent any DDoS attacks from happening; DDoS attacks are, as the name says, "Distributed", meaning the attacks come from many different sources.

Normal "local" ACLs / firewalls can't cope with such things; they need to be filtered as far away from your server as possible, BEFORE the bad traffic actually reaches your server.

But what you see is quite often the price of what it costs, and even if you pay the price, you are often not guaranteed that they are tailored specifically for "game traffic". A DDoS filter that is tailored to e.g. protecting HTTP (web traffic), and keeping web sites alive while under attack, won't really do anything useful to help keep your "game traffic" alive while ignoring the bad traffic.

And unless you are paying for such a service (that actually works, and where the attack isn't too big anyway), you're very lucky that they only nullrouted you for 5 hours. Others in the business are doing it from 24 hours and up towards the time frame when you finally contact them manually.


When you're firewalling things, you are quite often firewalling only the inbound traffic to your server, and if this is what you do, all you need to open is actually the game port, that you are listening on (e.g. "-port" from the command line), and most often you only need the UDP port (and not TCP).

So e.g. if your server is listening on port 27015, then only open UDP 27015.

TCP can be required if you run things like e.g. SourceBans or other things accessing RCON, but then only open that one from specific source IP addresses, and not "the whole world".


Creating firewalls on your server will NOT help you at all with 20G DDoS attacks; those need to be mitigated at the edge of the network, not on each individual server or virtual machine.

It sounds like people are having success with OVH (OVH, SoYouStart, Kimsufi) servers and their DDoS protection though, so depending on your location, switching to one of those could maybe be a better option for you.
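The inbound rule set described in the reply above, written for Windows Defender Firewall because the original poster manages the server over Windows remote desktop. This is an added example, not part of the original posts; the admin address 203.0.113.10, the rule names, and the default RDP port 3389 are assumptions. As the reply says, it only narrows what the host exposes and does not absorb a volumetric attack.

```powershell
# Run in an elevated PowerShell session on the game server.
# Assumptions for this example (not from the thread):
#   - 203.0.113.10 is a documentation placeholder for your own static admin IP
#   - the game server was started with "-port 27015"
#   - remote desktop listens on its default port, TCP 3389
$GamePort = 27015
$AdminIp  = '203.0.113.10'

# 1. Add the remote desktop rule first, so tightening the defaults in step 4
#    does not cut off the session you are working in.
New-NetFirewallRule -DisplayName 'SRCDS example - RDP from admin only' `
    -Direction Inbound -Protocol TCP -LocalPort 3389 `
    -RemoteAddress $AdminIp -Action Allow

# 2. Game traffic: UDP on the listening port, open to everyone,
#    so players can find and join the server.
New-NetFirewallRule -DisplayName 'SRCDS example - game UDP' `
    -Direction Inbound -Protocol UDP -LocalPort $GamePort -Action Allow

# 3. Only needed for RCON or SourceBans: TCP on the game port,
#    restricted to one source address instead of "the whole world".
New-NetFirewallRule -DisplayName 'SRCDS example - RCON from admin only' `
    -Direction Inbound -Protocol TCP -LocalPort $GamePort `
    -RemoteAddress $AdminIp -Action Allow

# 4. Block every other inbound connection. Outbound stays allowed, so
#    connections the server itself starts (for example steamcmd updates)
#    are not filtered by these rules.
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -DefaultInboundAction Block -DefaultOutboundAction Allow

# 5. List the inbound allow rules that are still enabled. Built-in rules
#    (including the stock Remote Desktop rules, which accept any source)
#    remain active until you disable them yourself.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Sort-Object DisplayName |
    Format-Table DisplayName, Profile -AutoSize
```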
Achyan2000
Junior Member
Join Date: Apr 2020
Old 10-14-2020 , 07:49   Re: [CSGO]&[L4D2]Besides 27015-27050, What ports/IPs are csgo/l4d2 server needed to r
Thank you so much for your reply!
I see what you mean. And well, I'll just set a password or restrict the server to Steam group join only next time I start an L4D2 server.
About half an hour ago, I solved this problem by creating a custom disk mirroring of the server and cloning it to a new cloud server, and the new server works perfectly; all I need to do now is tell all my friends its new address. And maybe after some days the previous one can get through all this... hopefully.
Anyway, thank you, Mr. DarkDeviL! I can really learn something from your reply.
And if anyone else running a server sees this thread, take care, I hope the same thing is not gonna happen to you... my best luck to you!