So I’ve run this OS and server before and it went pretty smoothly. I easily directed my DNS to it, but still someone managed to find my IP address, and with that they found the general location of where I lived. I’m worried about DDOS attacks, so is there a way I can effectively hide my IP address from the public and prevent DDOS attacks, or is it pointless and I should just run the server without any sort of proxy or VPS / VPN?
IP addresses cannot be hidden easily without removing their access to the internet. A DNS entry is merely a translation table that takes a human-friendly web address and translates it to an IP address (and, if necessary, port number).
I would not worry about DDoS attacks, since it will be your ISP that has to deal with it. Then again, consider this: how large a server do you run? Are you really that interesting for anyone to DDoS? What would they gain from DDoS’ing you?
If my IP and server got DDoSed, I would merely take them down and let my ISP deal with the attack. I would also request a new IP address from my ISP.
In the case of no one finding your general location or country, please find this link useful: http://www.noip.com/
There are several services of this type that are free (Google "free DDNS"). For example:
This should also take care of DDoS attacks.
Okay, that’s good to know. My server is only 50 people, not that big. If the ISP has to deal with it then I guess I’m worrying a bit too much. Thanks for the help.
- Your server has a private IP address.
- Your gateway/router has either a static (pre-defined) or dynamic (ad hoc allocated) public IP address.
- Your router has a firewall with a port forwarding to your server and a reverse packet mangling cache.
Your options for limiting a potential attack are dependent on your network infrastructure.
If your internet connection has a big enough upload pipe and your firewall has the hardware resources to cope with the extra processing load, then a VPN for your 50-odd clients may be an option. This has many potential benefits for you, including opening up private web services. The main impact of this, though, is the simplification of your gateway’s public presence. Any connection attempt other than through a secure handshake/key could be dropped, ignored and potentially upstream (ISP) blacklisted.
If you don’t go the VPN route (pardon the pun), other options are still available, including third-party proxy routing, IP packet tagging, port obfuscation, public IP round-robin, a stealth (MAC) firewall and basic packet dropping or upstream blacklisting services. The potential for intrusion is greater this way, simply because of the access available to the keyhole port, but that can be alleviated by means of IP whitelisting or IP packet tagging.
Your clients tunnelling through a VPN SSL connection would be best, but that does incur larger data size and greater firewall processing overhead. It also means clients would need to start SSH connections to your firewall, then port forward their “localhost” Minecraft port through the tunnel.
Not sure if this helps any.
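The IP whitelisting mentioned in the reply above, as an added example that is not part of any post in this thread: a shell script that turns a list of client addresses into an nftables ruleset which accepts the forwarded game port only from those clients and drops everyone else. It assumes the gateway is a Linux machine running nftables; the table name `gamefw`, the server address and the port value are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): turn a client allowlist into an
# nftables ruleset for a Linux gateway that port-forwards to the server.
GAME_PORT=25565         # Minecraft's default port (assumed for this setup)
SERVER_IP=192.168.1.50  # hypothetical private address of the server

# Succeed only if $1 is a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Read one address per line on stdin ("#" starts a comment); print the ruleset.
# Invalid entries are reported on stderr and left out, so a typo never
# widens access.
build_ruleset() {
    elements=""
    while IFS= read -r line || [ -n "$line" ]; do
        addr=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        [ -n "$addr" ] || continue
        if is_ipv4 "$addr"; then
            elements="${elements:+$elements, }$addr"
        else
            echo "skipping invalid entry: $addr" >&2
        fi
    done
    echo "table ip gamefw {"
    echo "    set allowed_clients {"
    echo "        type ipv4_addr"
    # nft rejects an empty "elements = { }", so omit it when the list is empty.
    [ -z "$elements" ] || echo "        elements = { $elements }"
    echo "    }"
    echo "    chain forward {"
    echo "        type filter hook forward priority 0; policy accept;"
    echo "        ct state established,related accept"
    echo "        ip daddr $SERVER_IP tcp dport $GAME_PORT ip saddr @allowed_clients accept"
    echo "        ip daddr $SERVER_IP tcp dport $GAME_PORT drop"
    echo "    }"
    echo "}"
}
```

Feed the allowlist to `build_ruleset` on stdin, review the output, then load it on the gateway with `nft -f`. With an empty allowlist the generated rules drop every new connection to the game port.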
Actually, that helps a ton. It was a long but good explanation. I’m not sure how to do, or really what, port obfuscation is, but I like how you put the rest of it. If the ISP will most likely blacklist the attack and therefore mitigate it, then I won’t worry too much. As for the network, the server is port forwarded and I have a router with a static public IP. Yeah, I don’t have much upload speed to work with, so I think I may just have to leave it public behind the website sub-address.