I spent multiple days getting SYN flooded to the point my router would crash and reboot over and over, and it stopped the moment I set up cloudflare and asked my ISP to change my IP. This was the instance which pushed me over the edge, but there had been smaller attacks lasting a few minutes each for years leading up to this.
What kind of router to you have? A good router should not crash from any amount WAN traffic.
But yes, if you host anything you will get scanned even harder than usual.
It’s only got a DMZ mode where I can configure it to forward all incoming traffic to my own router running behind it, but even in that mode it still has to NAT all the packets. IPv6 traffic seems to get forwarded along without much (if any) additional processing, but for hosting stuff publicly I would obviously need to expose IPv4 as well.
There are better ISPs around, but my parents (who are the ones paying for it) don’t want to switch providers because… reasons? At any rate it isn’t happening any time soon, but once I move out I’ll finally be able to switch to Init7 and be done with it all :)
Is you homelab getting ddosed constantly?
I had had it for years and never ever got ddosed.
Are you sure it’s actually ddos and not just the typical bots scanning for vulnerabilities? Which are easy defended for by keeping updated.
It’s weird as a DDOS is not something that’s just happens, it’s a targeted attack. It’s a rare occurrence that someone decided to attack a homelab.
I spent multiple days getting SYN flooded to the point my router would crash and reboot over and over, and it stopped the moment I set up cloudflare and asked my ISP to change my IP. This was the instance which pushed me over the edge, but there had been smaller attacks lasting a few minutes each for years leading up to this.
What kind of router to you have? A good router should not crash from any amount WAN traffic. But yes, if you host anything you will get scanned even harder than usual.
A shitty ISP-supplied modem/router which I have to use :|
Maybe you can enable bridge mode on it? Then you could run something like opnsense behind it.
It’s only got a DMZ mode where I can configure it to forward all incoming traffic to my own router running behind it, but even in that mode it still has to NAT all the packets. IPv6 traffic seems to get forwarded along without much (if any) additional processing, but for hosting stuff publicly I would obviously need to expose IPv4 as well.
Where are you? I bet there’s at least a few local ISPs that would allow you to use a user-supplied router.
There are better ISPs around, but my parents (who are the ones paying for it) don’t want to switch providers because… reasons? At any rate it isn’t happening any time soon, but once I move out I’ll finally be able to switch to Init7 and be done with it all :)