
Author Topic: CS:GO DOS FIREWALL  (Read 302 times)


Offline xkaas

CS:GO DOS FIREWALL
« on: December 19, 2017, 05:55:19 am »
Hi!

I run a CS:GO server with pfSense in front of it.

I am having issues with DDoS. Our provider does provide Anti-DDOS for most attacks, but some called "VSE" goes through.

My table size looks like this:

https://prnt.sc/hph3xs

https://prnt.sc/hpgvk7

https://prnt.sc/hpgv39

The attacks still get through... Is there anything I can do to block them? They keep hogging the CPU and table size

Offline GruensFroeschli

Re: CS:GO DOS FIREWALL
« Reply #1 on: December 19, 2017, 06:10:28 am »
pfSense is a firewall not a (D)DoS protection service.
We do what we must, because we can.

Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

Offline xkaas

Re: CS:GO DOS FIREWALL
« Reply #2 on: December 19, 2017, 09:56:39 am »
I know.

But not a very good one then. I don't want it to filter DDoS.
I was digging for something like "packet length" or packet size filtering, as most of these attacks hit the same limits.

I've blocked all ports - but it still hits... That's why (and many apparently blame pfSense).


Offline dotdash

Re: CS:GO DOS FIREWALL
« Reply #3 on: December 19, 2017, 12:12:04 pm »
If the attacks get through the provider's 'DDoS filtering' then they are on your pipe. The firewall blocks traffic from passing through the firewall. It still hits the outside interface and you still have to deal with it. If you think pfSense is a lousy firewall because it doesn't block DDoS, then you are unclear on the concepts, but feel free to try another firewall and see how well it works for you.

Offline KOM

Re: CS:GO DOS FIREWALL
« Reply #4 on: December 19, 2017, 12:23:29 pm »
If you could mitigate a DDoS with a firewall then it would not be the problem that it is.

Analogy:  your doorman (firewall) won't let bad people into your house, but he can't stop them from knocking on your door to begin with.  You would need the city's (your ISP) help to keep them off your street.

Offline chpalmer

Re: CS:GO DOS FIREWALL
« Reply #5 on: December 19, 2017, 07:28:36 pm »
Quote
Our provider does provide Anti-DDOS for most attacks

So your provider cannot stop the attacks.  They are still not to blame..  Just inefficient.

Truthfully the fault lies with those leveraging the attacks. 
P.S. statements made by me are not necessarily condoned by the management of this fine organization.  http://badmodems.com

Offline xkaas

Re: CS:GO DOS FIREWALL
« Reply #6 on: December 20, 2017, 10:12:28 am »
So,

To let you guys know: NO, I don't expect pfSense to "filter" DDoS attacks for me.

However, my ISP uses ArborNetworks, and most attacks get filtered without any issues.

The kind of attack hitting me is VSE (Valve Source Exploit)

These attacks use spoofed IPs; pretty much, they hit the internal IP on port 27015 (a CS:GO server).

If I block the port, I can see how it denies the traffic (please note that from now on, the internet is working fine and nothing is touched by the attack)

However, when I unblock the port, it doesn't work.

I was looking for maybe trying to block everything outside of my source country (Where all connections are made, no other people are getting in from other countries)
Or some packet length block / string block, as 99% of all of the "connections" made have the same length.

I know there's no real "filtering" for this other than at ISP level; however, I hope there's some fix to this for now, as my ISP won't be able to make the rule from their side without a quite large payment (greedy guys).

Thanks everyone who helps.

Here's a little gif of what I see when I refresh the firewall rule page of the block rule :)

https://gyazo.com/dbe1f270006011f786fcb7da4e45f964

(refreshing)
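An added example, not part of the original post: one way to check the claims in the post above (spoofed sources, nearly all packets the same length) against logged traffic before asking an upstream provider for a filter. The record format, the sample lines and the function names `parse` and `profile` are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed sample records, not data from the thread.
# Assumed format: "epoch src_ip dst_port udp_payload_len"
SAMPLE = """\
1513764000 198.51.100.7 27015 25
1513764000 203.0.113.9 27015 25
1513764000 198.51.100.44 27015 25
1513764001 203.0.113.101 27015 25
1513764001 198.51.100.203 27015 25
1513764001 203.0.113.77 27015 25
1513764001 192.0.2.10 27015 53
1513764002 192.0.2.10 27015 88
1513764002 192.0.2.10 27016 40
this line is malformed
"""

def parse(text):
    """Yield (src, dst_port, length) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            dport, length = int(parts[2]), int(parts[3])
        except ValueError:
            continue
        yield parts[1], dport, length

def profile(records, port=27015):
    """Summarise traffic to `port`: dominant length and source spread."""
    lengths, sources = Counter(), Counter()
    for src, dport, length in records:
        if dport == port:
            lengths[length] += 1
            sources[src] += 1
    total = sum(lengths.values())
    if not total:
        return None
    top_len, top_count = lengths.most_common(1)[0]
    single = sum(1 for n in sources.values() if n == 1)
    return {
        "packets": total, "top_length": top_len,
        "top_length_share": top_count / total,
        "unique_sources": len(sources),
        "single_packet_source_share": single / len(sources),
    }
```

A high `top_length_share` combined with mostly single-packet sources matches the pattern described in the post, and those numbers are what a provider-side filter request would cite, since, as noted earlier in the thread, traffic dropped at the firewall has already used the link.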

Offline dotdash

Re: CS:GO DOS FIREWALL
« Reply #7 on: December 21, 2017, 09:19:20 am »
Quote
I was looking for maybe trying to block everything outside of my source country (Where all connections are made, no other people are getting in from other countries)

pfBlockerNG can be used to block/allow by source country.

Offline leungda

Re: CS:GO DOS FIREWALL
« Reply #8 on: December 30, 2017, 11:00:15 am »
Install the Suricata package for IDS.