following the setup of the protections against attacks on the UDP layer, the last 24 hours we didn’t have to intervene to protect our infrastructure. We received around 10 usual attacks which didn’t have any consequences for our customers.
So we think that the settings that are now in place are correct and sufficient. Quickly done, well done.
Yay! Let’s hope it lasts
- we’ve put in place a protection on all incoming traffic to our network: We limit UDP traffic to 50Mbit/s per source IP. This means, any given source IP on the internet can only send 50Mbit/s of traffic via UDP at the same time.
- We’ve put in place a limitation on the routers of the datacenters: We limit UDP traffic to 50Mbit/s per destination IP. This means, any given IP in our network can only receive 50Mbit/s of UDP traffic from the internet at any given point in time.
Just a reminder of the protections that are already in place (for the last 2 years):
- We limit ICMP and TCP/SYN traffic to 32kbit/s per source IP to our network (with a few exceptions).
There are no other protections in place, and we’re not planning to add any.
We’ve had interesting feedback from some of the customers that were being attacked that we’re happy that this is over. I believe that these additional protections offer a nice added value to our service and the services our clients offer, as it provides higher resilience. Doesn’t matter if it is a game server, a website, or just a VPS, receiving a DoS attack from a competitor is not nice. With Flosoft.biz you are now protected against the mood of your competition.