Question
Blackhole after DDOS. Need to disable.
- Posted on April 2, 2020
- Networking
Asked by Heisenberggg
Hi Team,
I have a droplet running a game server (Counter-Strike 1.6) and it is experiencing frequent DDOS attacks that lead to Digital Ocean automatically blackholing the droplet and makes it off-network for hours before it can be accessed again.
I have tried a few combinations of ip-tables, however, I haven’t been able to stop the attacks.
I understand that this is done as a proactive step to make sure other droplets in the datacenter are not compromised, however this is a huge inconvenience.
Is there a way blackholing can be stopped for this droplet? The DDOS attack lasts about a few minutes, however, the droplet goes off-network for hours which makes the server down for hours.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Want to learn more? Join the DigitalOcean Community!
Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.
Well the above answer is as vague as it can get. Scripted responses ! I very well understand what DDOS is and since droplet goes off network, I cant even determine what sort of attack was that. It is usually a reflective dns ddos, however droplet is of no use when some attack happens. No protection and leaves you helpless. I have migrated to other cloud providers and it works great for me !
DDOS itself isn’t a single attack. It is a name that is applied to a large group of attacks, it’s like calling something “cloud”. As a result as attacks continue to change whatever is blocked without affecting your droplet or other services is immediately mitigated on our end. However, as the attacks evolve some of them may be able to get through the measures that we have instead in which case the droplet is “dropped” - which basically removes the IP, and removes the attack, the unfortunate side effect of this is that essentially the droplet is down. We are constantly improving our backend mitigation for DDOS attacks across our entire network but this is an ever evolving landscape.