I used to run an online IOQ3 server, but after being DDoS’ed I stopped. I recently read in the wiki that using the newer IOQ3 network protocol (71) and disallowing legacy protocols can stop such events:
In order to harden the network protocol against UDP spoofing attacks a new network protocol was introduced that defends against such attacks.
I’m wanting to start up an IOQ3 server again, but I am concerned about the attacks causing high bandwidth consumption again.
Does anyone know if it’s ‘safer’ to use 71 instead of 68?
Yes, and I have even replied to that once. It does not answer whether or not changing to/using the newer network protocol (71) fixes the DDoS/UDP packet spoofing in Quake 3’s engine.
In order to have a fighting chance against DDoS attacks the server needs to be protected at the firewall. Although the Q3/IOQ3 engine does a good job of rate limiting some of the types of packets that offer the largest amplification during an attack, it’s beyond the scope of the engine to protect against all of the types of attacks that the server will see.
Here’s a list of preventative measures I can put in place, however these are just a guide.
1.) Always use most up-to-date test-builds (including using new network protocol)
2.) Host only one instance of Q3/related protocol service
3.) Host game on port other than the default Q3 range
4.) Use only trusted Master Servers for reporting (Maverick, IOQ3 and maybe QTracker)
5.) Don’t advertise server on forums/websites (ie, GameTracker/Game Monitor and Community Forums)
6.) Use bandwidth limiting tools to limit throughput Q3 is allowed to send/receive
7.) Use quota notification software to email you once you go over a certain daily allowance
8.) Find/use a third party Firewall (Server 2012 R2 Firewall wasn’t efficient enough on last attack)
9.) Use a hosting provider that has DDoS protection/mitigation in place
10.) On that host, have enough quota so that you can step in should anything go wrong
11.) If you’re a Linux user, use IPTables to code in a script to drop malformed packets
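
The per-source rate limiting of status queries discussed in this thread, sketched as an added example (it is not part of any post above and is not ioquake3 or firewall code). The limits of 1 reply per second with a burst of 10, the class and function names, and the sample addresses are assumptions made for illustration; the sample traffic is constructed.

```python
import collections

OOB = b"\xff\xff\xff\xff"             # Quake 3 connectionless packet marker
QUERIES = (b"getstatus", b"getinfo")  # small request, much larger reply

class Bucket:
    """Token bucket: holds up to `burst` tokens, refilled at `rate` per second."""
    def __init__(self, rate, burst, now):
        self.rate, self.burst = rate, burst
        self.tokens, self.stamp = float(burst), now

    def allow(self, now):
        elapsed = now - self.stamp
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.stamp = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

class QueryFilter:
    """Decides per source address whether a status query gets a reply."""
    def __init__(self, rate=1, burst=10):  # assumed limits, tune per server
        self.rate, self.burst = rate, burst
        self.buckets = {}

    def verdict(self, src_ip, payload, now):
        if not payload.startswith(OOB):
            return "pass"   # in-game traffic, not a connectionless query
        if not payload[4:].startswith(QUERIES):
            return "pass"   # other connectionless commands are left alone here
        bucket = self.buckets.setdefault(
            src_ip, Bucket(self.rate, self.burst, now))
        return "reply" if bucket.allow(now) else "drop"

def replay(packets, flt=None):
    """Run (timestamp, source, payload) tuples through the filter and tally."""
    flt = flt or QueryFilter()
    counts = collections.Counter()
    for ts, ip, payload in packets:
        counts[(ip, flt.verdict(ip, payload, ts))] += 1
    return counts

# Constructed sample: one source address (spoofed, in a reflection attack)
# sends 100 queries per second for two seconds; a second source behaves
# like an ordinary server browser; one packet is ordinary game traffic.
SAMPLE = [(i * 0.01, "198.51.100.7", OOB + b"getstatus") for i in range(200)]
SAMPLE += [(0.5, "203.0.113.20", OOB + b"getinfo xxx"),
           (1.5, "203.0.113.20", OOB + b"getstatus"),
           (1.6, "203.0.113.20", b"\x01\x02\x03\x04game")]
```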