
It is an unusual setup, but sometimes it can save time and money.

Big picture about the attack

You have a few dedicated servers (not at OVH) and you are under DDoS attack.
First, you call your provider and pay for anti-DDoS protection, but it is not adequate.
What can you do?

OVH to clean ingress

It may sound odd, but OVH is the company with two anti-DDoS technologies that work very well: Arbor Networks and Tilera. This combination is the most powerful at killing DDoS.

What can we do?

It is a strange but working solution:

  • We move all DNS entries (e.g. toto.domain.tld) to the OVH IP
  • iptables on the OVH server routes incoming traffic to your dedicated server (not at OVH)
  • The client receives the reply directly from the dedicated server (not OVH)

Action!

Sysctl

We need to enable IP forwarding, both now and after a reboot (the sysctl key is net.ipv4.ip_forward):

sysctl -w net.ipv4.ip_forward=1
echo "net.ipv4.ip_forward = 1" > /etc/sysctl.d/forwarding.conf

Output

Now it is time to set up MASQUERADE for outgoing traffic:

iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE

Input

This is where the magic happens: every packet arriving for the OVH IP is rewritten to the non-OVH server's IP.

iptables -t nat -A PREROUTING -d IP_OVH -j DNAT --to-destination IP_NOT_OVH

Persistent

We need the iptables rules to survive a reboot:

apt-get install iptables-persistent -y
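The four steps above, combined into one script as an added example (this is not the post's own code). It differs from the one-line rules in the post in two ways a practitioner would want: the DNAT matches only the TCP ports you actually serve, so SSH to the OVH box itself is not forwarded away from it, and the FORWARD chain gets explicit ACCEPT rules in case its default policy is DROP. The addresses, interface name and port list are placeholders; the default mode only prints the commands so they can be reviewed before anything is applied.

```shell
#!/bin/sh
# Added example, not the original post's code: generate (and optionally apply)
# the OVH-ingress forwarding rules. Every address, interface and port below is
# an assumption/placeholder, to be replaced with your own values.
set -eu

OVH_IP="${OVH_IP:-203.0.113.10}"          # public IP of the OVH box (constructed, TEST-NET-3)
BACKEND_IP="${BACKEND_IP:-198.51.100.20}" # the non-OVH dedicated server (constructed, TEST-NET-2)
WAN_IF="${WAN_IF:-eno1}"                  # interface carrying both ingress and egress
FORWARD_PORTS="${FORWARD_PORTS:-80 443}"  # only these TCP ports are forwarded

# valid_ipv4 ADDR: returns 0 for a dotted quad with every octet in 0..255.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# build_rules: print the sysctl/iptables commands, one per line, so they can
# be read (or diffed against the running ruleset) before touching the kernel.
build_rules() {
    valid_ipv4 "$OVH_IP" && valid_ipv4 "$BACKEND_IP" || { echo "bad IP" >&2; return 1; }
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Only the listed service ports are DNATed. Anything else sent to the OVH
    # address (SSH to the box, for instance) still reaches the OVH host, so a
    # typo in the rules cannot lock you out of the front end.
    for p in $FORWARD_PORTS; do
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $OVH_IP -p tcp --dport $p -j DNAT --to-destination $BACKEND_IP"
        echo "iptables -A FORWARD -i $WAN_IF -d $BACKEND_IP -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Let replies and established flows pass the FORWARD chain.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Rewrite the source to the OVH address so the backend's answers come back
    # through the OVH box. The backend therefore sees $OVH_IP as the client.
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -d $BACKEND_IP -j MASQUERADE"
    # Persist the ruleset via the iptables-persistent package installed above.
    echo "netfilter-persistent save"
}

# apply_rules: execute each generated command (needs root on the OVH box).
apply_rules() {
    build_rules | while IFS= read -r cmd; do
        echo "+ $cmd"
        eval "$cmd"
    done
}

case "${1:-}" in
    apply) apply_rules ;;
    *)     build_rules ;;   # default: dry run, just print the rules
esac
```

Run it without arguments to review the rules, then `sh forward.sh apply` as root on the OVH box. Because of the MASQUERADE rule, the backend's replies travel back through OVH and the backend only ever sees the OVH address as the source; if you need the real client IPs on the backend, log them on the OVH box or terminate TLS/HTTP there and pass them in a header.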

Conclusion

It is not a magic solution, but it can help in some situations. In addition, do not forget to harden your kernel and the rest of your configuration so the servers can survive.

You may also be interested in: Migration to nftables: from ipset and bogons