Donator Member
  • Content Count

  • Joined

  • Last visited

  • Feedback


Community Reputation

5 Neutral


About Nik

  • Rank

Profile Information

  • Current Mood
  • Gender
  • Country

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Application layer ddos protection that works only for windows? o.O? I mean, kudos for supporting this crappy OS which shouldn't be used for servers, but one can get only so much from it... OVH ddos protection is protecting you against huge ddoses, but small ones might be considered for normal traffic, therefore are passed to the gameserver. Since most of the gameservers have very bad network management, they get pwned by above than normal traffic, which OVH still considers as normal traffic. In such case having an extra application that can filter-out bad traffic might work, but its a very limited case. Its enough for a smart guy to craft a better attack and this kind of protection becomes not so useful. That being said, on windows you will meet nothing better than an application-layer protection, which is not great, at all - you will need more powerful PC to protect against attacks compared to using Linux/BSD with proper firewall settings. In many cases iptables/netfilter/pf will filter out bad traffic orders of magnitude faster than windows. If you are helpless person who is still running l2 server on windows and you have enough money and lack of knowledge to afford such protection, then go on, take the gamble and hope this kind of protection works, otherwise I suggest you to start running your servers on a proper server OS like Linux, BSD, or whatever, its not that hard to do so, the only hard part is configuring your firewall. P.S. I have no idea if this guy is selling snake oil (scam) or is selling a real, working product. I do not suggest you to buy it or not buy it, I just tell you from experience the point of this topic.
  2. Just run cmd.exe (not PowerShell crap) as administrator and start l2.bin from there lol. Edit: nvm, this works on windows versions below 1809... windows ruined another thing yet again.
  3. Was? So its no longer attacked I assume. Your solution might only prevent very few gbps and mpps ddos. The server is still lucky to not get a bigger ddos. And until mitigation kicks on, I can still down your proxies. Sure, once mitigation kicks on, you would be safe, but I can attack you again when your mitigation turns off and constantly harass your players by disconnecting them from every proxy. Good, its not as horrible as I thought. But still, its a far cry from what it should be. While an in-kernel solution would have multiple times less overhead. The OS still needs to initialize the connection before it goes to your app, which means the machine where your proxy is hosted on is very vulnerable when it gets spammed by connections. An in-kernel solution can prevent initialization of connections, which in turn doesn't waste precious system resources.
  4. Okay, we get it. Its just simple reverse proxy that has one good feature and that is the ability to change proxies while ingame. Please do not advertise that thing as having the ability to protect against ddos attacks. It doesn't. It just hides the gameserver IP so the attacker cannot directly attack it. Its enough for a smarter attacker to lightly attack all of your proxies concurrently, just enough to not stress them too much, and those proxies will pass on the traffic just as if its a normal traffic, thus reaching the gameserver without any problems. The concealment of the real IP of the connections coming to the gameserver is working in favor of the attacker btw. Saying that your solution requires no additional firewall and whatever settings is just outright laughable, further nailing the fact that once you get attacked by a ddos, the whole solution will crumble down. So yes, you've created something that may route players traffic to a lower ping route. Nothing more, nothing less. There is no protection, it just conceals the gameserver and players' IPs. If you really think your solution offers any kind of protection, fell free as @Tryskell said - test it on a real, live attacked server. P.S. Yes, we do talk about NAT and tunnels, because it is the proper way to go if you want to offer any kind of basic protection. But of course, they alone do not offer the real solution, thats why firewall rules come into play after setting up proper NAT.
  5. By lower level I meant lower network level. And yes, I tag team in order to show him something funny. We do really enjoy reading funny mxc stuff. The funniest part is that I try to explain where your mistakes are in your "protection", yet you think your solution is top notch and has no problems at all. And yes, my "archaic" solution is 5 terminal commands per machine, yet you've managed to make a whole app to do similar thing, just much worse xD Oh, and thanks for that disclaimer, its nice comedy.
  6. OOOOOOOOOOOOOOOOOOOOOOOOOOOHHHHHHHHHHHHHHHHHHHHH So its just a higher level application that is trying to do stuff that can be done at lower level. I thought you had implemented it at a lower level. That would explain why you have no idea of what I talk about. @UnAfraid we are not 2008 anymore, its time to drop your GRE tunnels and iptables rules and start using this solution!!!
  7. So basically you call your service "proxy" and that service connects the gameserver and the remote VPSes, players connect to an IP that belongs to one of the VPSes and your service relocates all the traffic of the player from the VPS to the gameserver?
  8. Even if its not present in some servers, that doesn't mean the solution should be separate from the server. It can be easily integrated taking examples from l2j. Next, saying that its a reverse proxy means nothing. You just did a bad routing. If preserving real IP was impossible when routing, internet wouldn't be able to function. Next, if a proxy stops pinging properly the main server, how can it transfer its players, since it can't even ping the main server? xD Next, the extra features are just extra sugar added. If the program cannot achieve its main purpose, why does anyone need the extra features? Also nearly all of those features can be done with simple administration setup. Port hopping? Why would anyone need that? I have all my proxies connecting to my main server at port 7777, there is no need to have extra ports. Explain me, why do I need those extra ports? You've just added an extra feature to resolve the issue of your poor routing, which needs extra ports... I would also like to know the difference between reverse and tunneling proxies and why you've chose one over the other. "Unless the proxy server that's being attacked doesnt go down in an instant." Yeah, thats the fine line between a bad program and a good program. There are no "unless this happens..." in a good program. Basically your program becomes totally useless if you get one decent ddos thrown at your server. My question is, whats the point of the tons of features that your program has, if it cannot do its main purpose and that is to protect the gameserver properly? Also saying that there is nothing more you can do about the flaws is just very bad practice. There is always something you can do to fix a flaw. I already have much better private solution which I cannot share. l2jserver's configuration is the base of the idea. The rest is up to the person to create the infrastructure behind it. That was the main idea we had in mind with @UnAfraid when we did that config for l2jserver. We used such solution for nearly 10 years. The only thing that had to be done is that which is not part of the gameserver, basically creating tunnels for every proxy and source routing the data from there. This is why I keep telling you that you are wrong. You just have made a fancy program that ignores the necessary system configuration that must be done for a proper protection. It just creates the illusion of safety until an attacker comes.
  9. Traditional proxy selection Not sure why you've included that, Its already present in l2jserver configuration. I wouldn't rely on some unknown program to do that for me. Autoproxy Its cool, but giving players the choice of proxy is even better. Keep in mind that closest location is not always properly routed, so you might have better ping at a farther location than a closer one. Shortcomings: The said possible usages are already covered by the default configuration present in the l2jserver where you can setup multiple gameserver listings listening at different IPs, but relocating to the same gameserver instance. Even having such proxies hiding the real gameserver ip, they do not offer any solution if they are not configured properly. If a proxy gets DDOSed and it proxies all traffic as usual, it would just send the DDOS traffic to the gameserver nevertheless... ugh. So a knowledgeable person who is able to setup a proper proxy VPS is required to fully benefit from this. Apart from that, sure, maybe you can detect if a proxy is stressed, but do tell me please, how can it transfer a player to another proxy if the machine is stressed so much that is not responding to anything? At huge attacks, you can't even make a ssh session, how do you think your request to change proxy server to all players is going to reach them? This solution only works for light attacks. Even so, even if it works, that would force players to see the loading screen which will ruin their immersion. Imagine they are at siege or some event and they suddenly get a loading screen in the middle of the pvp. Also the inability to see the actual IP of the player is yet again another sign of misconfigured proxy. You even haven't specified where this program is meant to be run. At client or at server? If its ran at the server, then its pretty much useless because nobody should rely on such a program - a properly configured proxy tunneling using l2j's default config is pretty much everything. If its ran at client, basically if every player must run it even if its in background, I do wonder how you've implemented this stuff to work. Overall you've fixed nothing. You've created a program that already offers what l2j has. The only interesting feature is the ability to switch proxy servers while ingame, but that feature is so flawed still, that is not useful to have it. You have 2 major flaws in it. The first one is the fact that you still need to be connected to the stressed proxy before you can switch to a light proxy, which doesn't guarantee at all that the player will receive the required packet that would change its proxy connection. A more proper solution will be that somehow the client listens for incoming packets of other proxies directly, in that case you do not need to wait for the unstable stressed proxy to send a proxy change request. The next flaw is that its not seamless enough. The connection change must happen instantly, no loadind screens no nothing. The connection itself should be interchanged seamlessly. That might require some kind of reverse engineering in l2 client to check if such thing is possible. If you can fix those two flaws, then you have some future for your idea. But for now, it does not provide anything new, its just fancy program does does what l2j already does itself.
  10. Yes, but you need to wait a lot and it just takes way too much time to kill a boss (example baylor needs at least 15-20 mins with such party, where the yul 2-shots him) and also RB drops are very unsatisfying, you get almost nothing from them.
  11. Unlike in helios where a donator yul can kill a whole party with 2-3 AOE skills... or even this:
  12. You need to spend at least 200-500 euro to even make a start. Without giving anything, you wont manage to even progress, because nobody will take you on instances with your poor gear.
  13. Lvl 85 is in max 2 days. Getting gear after that without donate is hard. Helios is mucho donate, so GL trying to get brooches and jewels and OP agathion and OP dyes and abundance talisman etc etc without donate on retail :D Makes me wonder what class you chose to play...