If your game uses tcp microfragments (like a lot of DDoS tools use), then FloodGuard is probably going to drop all of your connections. This is not the case with most games. Most of the games that we've seen here at SM use normal, full-handshake TCP and present no problems at all.
If your game uses normal UDP, again no problem. If your game uses malformed datagrams or if your game clients randomize their source addresses, FloodGuard might see that as a spoofed attack or as malformed DoS traffic.
By far, most games play well with FloodGuard.
Currently, FloodGuard's interface only allows for administrative connections.
We are working on a way to get some graphs out to our customers, either live in Orbit, or mailed to the customer every day. We're also working on an automated e-mail routine that will email or create a new ticket when DoS / DDoS is being blocked for a particular customer.
Why wouldn't SM have that in place before we rolled out FloodGuard?
Because we wanted to get our customers some relief from DoS / DDoS as quickly as possible. We could have waited, but as I compose this post there would currently be five customers down due to DoS. I thought the protection should come first, and decided to deal with the graph requests after that. We're working on it.
In the meantime, I'm having my team open a notification ticket when FloodGuard blocks a major DoS for a customer. (nb: MAJOR DoS, not each and every little "love ya" blast from Korea or Russia that FloodGuard ends up blocking.)
There are -exploits- and -system weaknesses- which are not DoS, and which FloodGuard cannot and will not protect you from.
Example: FloodGuard will not detect or stop a web-based SQL attack. If you're running a mis-configured (or sometimes default configured) IIS© server fed by MS©-SQL©, an experienced person can rain all over your lovely garden party by causing thousands of SQL connection requests to run your server out of resources.
Result: Server down, HUGE number of connections. No direct DoS involved.
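The SQL connection pile-up described above is exactly the kind of failure a DoS filter never sees: every request is a legitimate, fully-handshaked TCP connection, and the damage is done inside the application. What stops it is a limit on the application side. The following is an added example, not FloodGuard code and not anything from SM: it floods an unbounded handler (one database connection per request, no ceiling) and a pool capped by a semaphore that waits briefly for a free slot and returns 503 instead of opening yet another connection. `FakeDatabase`, `BoundedPool` and `simulate` are names I chose, and the request counts and timings are constructed for the demo.

```python
"""Bounded DB connection pool as a guard against connection-exhaustion (added example)."""
import threading
import time


class FakeDatabase:
    """Stand-in for the real database server: only counts open connections."""

    def __init__(self):
        self._lock = threading.Lock()
        self.open_now = 0
        self.peak_open = 0

    def connect(self):
        with self._lock:
            self.open_now += 1
            self.peak_open = max(self.peak_open, self.open_now)
        return self

    def close(self):
        with self._lock:
            self.open_now -= 1


class BoundedPool:
    """Never more than max_conn connections; shed load instead of queueing forever."""

    def __init__(self, db, max_conn, wait_seconds):
        self._db = db
        self._slots = threading.BoundedSemaphore(max_conn)
        self._wait = wait_seconds

    def run_query(self, work):
        # acquire(timeout=...) returns False when no slot frees up in time
        if not self._slots.acquire(timeout=self._wait):
            return 503  # busy: refuse this request, the DB stays healthy
        conn = self._db.connect()
        try:
            work(conn)
            return 200
        finally:
            conn.close()
            self._slots.release()


def unbounded_handler(db, work):
    """The mis-configured pattern: a fresh connection per request, no ceiling."""
    conn = db.connect()
    try:
        work(conn)
        return 200
    finally:
        conn.close()


def flood(handler, n_requests, hold_seconds):
    """Fire n_requests concurrently, each holding its connection for hold_seconds."""
    results = []
    lock = threading.Lock()

    def work(conn):
        time.sleep(hold_seconds)  # a slow query keeps the connection busy

    def one():
        status = handler(work)
        with lock:
            results.append(status)

    threads = [threading.Thread(target=one) for _ in range(n_requests)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results


def simulate(max_conn=10, n_requests=200, hold_seconds=0.05):
    """Same flood against both handlers; returns peak connections and outcome counts."""
    unbounded_db = FakeDatabase()
    flood(lambda w: unbounded_handler(unbounded_db, w), n_requests, hold_seconds)

    bounded_db = FakeDatabase()
    pool = BoundedPool(bounded_db, max_conn, wait_seconds=0.01)
    bounded_results = flood(pool.run_query, n_requests, hold_seconds)

    return {
        "unbounded_peak": unbounded_db.peak_open,
        "bounded_peak": bounded_db.peak_open,
        "bounded_served": bounded_results.count(200),
        "bounded_rejected": bounded_results.count(503),
    }


if __name__ == "__main__":
    print(simulate())
```

The unbounded handler's peak tracks the size of the flood; the bounded pool's peak never exceeds `max_conn`, and the excess requests get a fast 503, which is the outcome you want when the alternative is the whole server going down. A real deployment would also cap per-source request rates at the front end and keep the database's own connection limit below what the host can actually sustain.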
***Craig climbs on the security soap-box***
FloodGuard is meant to suppress DoS / DDoS. It does that very well, but FloodGuard needs to be part of a "layered" approach to server security.
- USE FLOODGUARD to handle the DoS.
- GET A HARDWARE FIREWALL to stave off major mischief, or at a very minimum use a software firewall to filter your ports. Let your hardware firewall sit in front of your server as a BFB (Big Fine Brick) to soak up the abuse.... That's what it's for. Open only the ports you really need. If you want advice on ports, just ask us. Use OS hardening to secure the few opened ports on the server.
- HARDEN YOUR O/S to make your system as difficult to abuse as possible, and to secure the ports you have opened on the firewall. (This is absolutely THE BIGGEST thing I see customers routinely overlook.)
- USE TRIPWIRE to track changes to your system and to detect intrusions.
- USE HOST-BASED intrusion detection to alert you to attacks on your server and to deny the source of the attack.
- RUN ANTIVIRUS SOFTWARE. This is especially important for Microsoft© users. Antivirus software is a must on Linux because it usually checks for rootkits and trojans whether they're running or not.
- LOG AND AUDIT critical system processes. This is part of OS hardening, but some of it is separate as well. A server admin can never log enough. Be suspicious of your users. You'll never know who's doing what on your server unless you log, audit and review.
- KEEP YOUR SYSTEM UPDATED. Either through SM's update service, or by running updates yourself. Verify the integrity and source of updates before installing them. Once updates are installed, re-check your configuration files for any updated services and make sure that you are happy with any changes in them. Some updates require a daemon restart or a system reboot; do it, so that the updated service / kernel / daemon is actually the one running.
- PERFORM VULNERABILITY SCANNING regularly, to spot check the actual condition of your server.
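Two of the items above, tracking changes (the Tripwire item) and logging / auditing, boil down to the same mechanism: keep a trusted baseline of what the system looked like, then diff the live system against it and review what changed. The following is an added example of that mechanism, my code rather than Tripwire's or SM's: it records the sha256, size and permission bits of every regular file under a root, round-trips the baseline through JSON the way you would store it off-host, and reports added, removed and modified paths. `build_baseline`, `compare` and `demo` are my names; the directory tree and the edits the demo makes to it are constructed so the comparison has something to find.

```python
"""Tripwire-style file integrity baseline and comparison (added example)."""
import hashlib
import json
import stat
import tempfile
from pathlib import Path


def file_record(path):
    """Content hash plus the metadata a tamper usually changes (size, mode bits)."""
    st = path.lstat()
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {"sha256": h.hexdigest(), "size": st.st_size, "mode": stat.S_IMODE(st.st_mode)}


def build_baseline(root):
    """Map of relative POSIX path -> record for every regular file under root."""
    root = Path(root)
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            baseline[p.relative_to(root).as_posix()] = file_record(p)
    return baseline


def compare(baseline, current):
    """Diff two baselines; returns sorted lists of added, removed and modified paths."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(k for k in baseline.keys() & current.keys() if baseline[k] != current[k])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Build a throwaway tree, baseline it, tamper with it, and report the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc" / "cron.d").mkdir(parents=True)
        (root / "bin").mkdir()
        # constructed sample files standing in for real system files
        (root / "etc" / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "etc" / "passwd").write_text("root:x:0:0::/root:/bin/sh\n")
        (root / "bin" / "ls").write_bytes(b"\x7fELF-placeholder")

        baseline = build_baseline(root)
        # a real baseline lives off-host (or on read-only media); JSON round-trip
        # here shows the stored form survives intact
        stored = json.loads(json.dumps(baseline))

        # simulated changes: a config edit, a permission change, a removed binary
        # and an unexpected new file, the four things a review should surface
        (root / "etc" / "sshd_config").write_text("PermitRootLogin yes\n")
        (root / "etc" / "passwd").chmod(0o666)
        (root / "bin" / "ls").unlink()
        (root / "etc" / "cron.d" / "new_job").write_text("* * * * * root /usr/local/bin/job\n")

        return compare(stored, build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run it on a real host against `/etc`, `/bin`, `/sbin` and the like, store the baseline somewhere the server itself cannot write, and re-run from cron; the output is short enough to actually read, which is the whole point of the "log, audit and review" item. Hashing alone misses a `chmod`, which is why the record carries the mode bits as well.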
***Craig climbs off of the security soap-box***
SM has these services available for you, or you can do them yourself if you have the time and experience... But by all means, DO it.
SM can either help a little with some advice and good links in the forums, or you can task SM Support and Security with all the server administration... or anything in between... There are just some things that have to be done (and kept up with) to make a server efficient, profitable AND secure.
I'm sure that almost everyone here has me pegged (correctly) as a Linux zealot. Well, it's true.
That being said, I keep hearing customers say how Linux is Soooooo much more secure than Microsoft© Windows©. That can be true, but while Linux CAN BE MADE Soooo much more secure... you actually have to do the work to get it there.
Almost nothing is secure "right out of the box" with a minimal amount of configuration, and ABSOLUTELY nothing remains secure without watchful administration.
The day *may* come when all we have to do for a secure server is pop open the box of Linux software, add a can of beer and shake well. Poof! Instant secure server!
...But we're not there yet.
Hope that answers some questions, or at least mildly entertains the admins.
Thanks!