DDoS Protection : Powerful protection specifically designed to counter attacks to business and Gaming servers
What exactly is the difference between anti-DDoS Game protection and traditional anti-DDoS protection? Which mechanisms have you put in place and how did you get there?
The first stage of the process, which lasted a total of more than six months, was to establish a list of games and voice communication services based on two criteria: commercial success and their susceptibility to DDoS attacks. VeryGames, one of our customers specialising in hosting services related to video games, explained to us that there are very popular games that are rarely attacked. One such example is Farming Simulator; whose players are on average older than Minecraft players. Within our lab, we installed a selection of games on laptops and connected them to servers to analyse network packets. This allowed us to foresee the different possible attack strategies for each game. Initially, it was easier for us to use reverse engineering than to contact the software developers of each game. For a passionate online gamer, like myself, it was a bit frustrating. The idea was not to enter big gaming contests in the name of R&D. In contrast, we were only interested in the connection phase between the player and the server because this is where attacks should be detected and countered.
Next, we imagined building an infrastructure to complement the “traditional” anti-DDoS (the VAC), an infrastructure that would enable us to analyse both incoming and outgoing traffic (which is not the case with the VAC). This creates two-way mitigation. The filter analyses both incoming and outgoing traffic. Another difference is that it is constantly active, meaning the system reacts to the first packets of an attack. The goal was to ensure the server remained “playable” throughout the duration of DDoS attacks and even better, to make sure that the players were unaware of any malicious activity.
As the diagram shows, a Tilera box, situated close to the server, inspects TCP/IP and UDP packets, initiates mitigation and can act as a cache to lighten the load on the machine under attack when it is difficult to filter illegitimate packets from legitimate packets. In the event of a “traditional” attack, i.e. when the VAC knows how to mitigate, the Tilera device guarantees protection until the VAC is activated and takes over. In addition, as the Tilera is placed as close to the server as possible (at the same level as the switches), the protection works even when the attack comes from within the VL network itself. In these cases, the mitigation filters the attack until the machines located in VL that caused the attack are identified and suspended.
The Tilera hardware was chosen for its computing power. Several thousands of packets per second are screened using particularly complex algorithms, all at very high speed. Unlike the Arbor solution, Tilera hardware is delivered without software: software development on Tilera is done in-house.
The mitigation code (the algorithms) is implemented based on information collected during the reverse engineering phase. It was not possible to develop a universal mitigation code. For each large family of games (Counter Strike, Minecraft…), we instead developed a “profile”, or a set of predefined rules that users can deploy in one click on the Tilera box, (via the customer control panel) to filter, with the greatest possible accuracy, illegitimate incoming and outgoing server traffic.