As you might have noticed already by earlier posts, we’re currently still working on a version 3 of our self-built DDoS-Mitigation solution called flowShield. A beta version is already live and can be activated by API.
Beside of the integration of flexrules, which were extended by packet length and payload matching, we started implementing a advanced solution to bring gameserver ddos mitigation on a new level.
What we have done
flowShield v3 includes a so called „UDP Challenge“ mechanism for authenticating udp traffic as utilized by gameservers and clients.
Why is that implementation important?
Mitigating DDoS attacks on UDP applications has been always difficult and cumbersome. We want to close that gap and made extensive efforts to move ddos-protection for gameservers on a advanced level.
How do we achieve that?
flowShield v3 acts like a „proxy“ between client and gameserver. That means, every UDP packet will arrive and hit our filters first. The filters will validate the packet, by regulary checking the gameserver’s informations (like a real client) and respond to connections with cached payload.
The whole implementation behaves like a UDP Caching Proxy and can easily deal with even quite complex floods. Recent tests were done with multi million packet floods containing random payload while playing smoothly on gameservers protected by flowShield v3.