Understanding the OVH Anti-DDoS GAME Protection
Why we developed this advanced protection
The gaming/e-sports industries are especially prone to distributed denial-of-service attacks. Protection solutions implemented by hosting providers often have limited capacities when faced with the intensity and frequency of these attacks, especially UDP flood attacks, which exploit the User Datagram Protocol (UDP) - the protocol use by the majority of games and voice servers.
This is why it was necessary to develop an anti-DDoS protection specifically adapted to Game servers.
List of compatible games and applications
Half-life, Team Fortress Classic, Counter-Strike 1.6, Counter-Strike: Source, Half-life Deathmatch Classic, Half-life 2, Half-life 2: Deathmatch, Day of Defeat, Day of Defeat : Source, Left 4 Dead, Left 4 Dead 2, Team Fortress 2, Counter-Strike : Global Offensive, Garry's Mod, Grand Theft Auto, San Andreas Multiplayer SA:MP, Multi Theft Auto San Andreas MTA:SA, TrackMania (+ TCP protocol), TrackMania 2 (+ TCP protocol), ShootMania Storm (+ TCP protocol), Minecraft pocket edition, Minecraft ARK : Survival Evolved, RUST, Teamspeak, Mumble.
Anti-DDoS protection tailored to your game!
To provide the best possible protection against attacks, the OVH engineers analysed how the most popular gaming platforms (Counter Strike, TeamFortress, Minecraft) and communication modules (TeamSpeak and Mumble) operate. In a lab and by looking at real user tests, they studied the vulnerabilities of these applications and documented the various attack strategies. This reverse engineering enabled them to provide a tailored response to each large game family: for each family they developed a profil, or a group of predefined rules, that can be deployed by the user in 1 click to filter illegitimate traffic flowing in and out of the UDP ports.
Two-way mitigation: a filter on entry and exit
For every type of attack, we've built a specific response closely integrated to the servers and directly integrated within the Tilera hardware. The big innovation is a filter that analyses the incoming and outgoing traffic to better identify legitimate requests. It's capable of distinguishing real clients connecting to the machine from harmful attacks. Anti-DDoS GAME therefore also plays the role of a cache and a filter for TCP/IP and UDP packets.
Details of the Anti-DDoS GAME infrastructure
Anti-DDoS GAME mitigation
A router located next to the machine analyses packets. This router treats every hosted game as a special case. For example, the router acts as a cache to relieve the router of useless requests.