You're mid-raid on your Rust server. The tension is at its peak — you've breached the outer wall, the loot room is 30 seconds away. Then everything freezes. Players start disconnecting. The console floods with connection attempts from hundreds of IP addresses you've never seen. You've just been DDoSed. If you think this only happens to large streamers or esports tournaments, you're wrong. Community game servers are targeted every day — and most administrators have no idea it's coming until it's too late.

What Is a DDoS Attack?

DDoS stands for Distributed Denial of Service. The goal is simple: flood your server with so much illegitimate traffic that it can't handle legitimate player connections. The "distributed" part matters — the attack comes from hundreds or thousands of different IP addresses simultaneously, making simple IP blocking ineffective.

The machines sending that traffic are usually part of a "botnet" — a network of compromised computers, routers, or IoT devices that have been infected with malware and are remotely controlled by the attacker. The owner of those machines often has no idea they're participating in an attack.

Types of DDoS Attacks

Not all DDoS attacks are the same. Understanding the types helps you understand why different mitigation strategies exist:

Volume-Based Attacks (Layer 3/4)

These are the most common and the most straightforward. The attacker sends massive volumes of UDP or ICMP packets at your server's IP address. The goal is to saturate your bandwidth — if your server has a 1 Gbps uplink and the attacker sends 10 Gbps of traffic, your server simply can't receive legitimate player packets. The packets exist, but they're buried under noise.

Volume attacks are measured in Gbps or Mpps (millions of packets per second). Consumer-grade attacks from cheap booter services typically top out at 5–20 Gbps. More sophisticated attacks can reach hundreds of Gbps.

Protocol Attacks (Layer 4)

These attacks exploit the way network protocols work rather than brute-forcing bandwidth. A SYN flood, for example, initiates thousands of TCP connection requests but never completes the handshake. Your server allocates memory for each half-open connection, and eventually runs out of connection table entries — new legitimate connections are refused even if bandwidth is fine.

Application-Layer Attacks (Layer 7)

The most sophisticated type. Instead of sending obviously fake traffic, application attacks send packets that look like legitimate game traffic. A Minecraft server might receive thousands of "legitimate" login attempts per second. The packets pass the network layer but exhaust the game server's CPU processing them. These are harder to detect because they don't trigger simple volume thresholds.

Attack TypeLayerMethodMitigated By
UDP Flood3/4Raw volumeUpstream scrubbing
SYN Flood4TCP state exhaustionSYN cookies, rate limiting
ICMP Flood3Ping floodICMP rate limiting
Fake game packets7Mimics real trafficDeep packet inspection
Amplification (DNS/NTP)3/4Reflected volumeUpstream filtering

Why Game Servers Are Targeted

Game server DDoS attacks are not random. There are specific motivations that make community servers a consistent target:

Player Grievances

The most common cause: a player who was banned, lost a raid, or got caught cheating decides to retaliate. DDoS-for-hire ("booter") services make this trivially easy. For $5–$15, anyone can rent 5 minutes of attack traffic. No technical knowledge required.

Competitive Sabotage

Rival server owners occasionally attack competing servers to drive players to their own. This is more common in the Minecraft economy server scene, where player counts directly affect revenue from donation shops.

Extortion

Some attackers send a server offline and then demand payment (usually cryptocurrency) to stop. This is rare against small community servers but does happen, particularly against donation-funded servers with obvious revenue streams.

Opportunistic Testing

Some attackers are simply script kiddies testing tools. Your server isn't targeted specifically — it's just in the list of game servers that appeared in a scan.

⚠️ Booter services are illegal Purchasing a DDoS attack against someone else's server is a criminal offence in the US, UK, EU, and most other jurisdictions. Penalties include fines and imprisonment. If you're being attacked, you can report it to the FBI IC3 (US) or Action Fraud (UK).

Why Shared Hosting Fails Under Attack

This is the critical point that most shared game host marketing glosses over. On a shared host:

  • Your server shares a physical machine and network uplink with 10–50 other customers
  • An attack targeting your IP fills the shared bandwidth pipe for everyone on that machine
  • The host's only options are: absorb the cost (expensive), null-route your IP, or let everyone's server suffer
  • Null-routing means your server's IP is blocked at the network level — all traffic to it is dropped, including legitimate player connections
  • The null-route typically stays in place for hours, until the attacker gives up

Even if your host claims DDoS protection, on a shared machine that protection often means "we'll take you offline automatically to protect other customers." That's not protection — that's just automated downtime.

How Octohost DDoS Protection Works

Every Octohost server IP is protected by an always-on mitigation system. Here's what that actually means technically:

Anycast Routing

Your server's IP is announced from multiple network points of presence simultaneously. When an attacker sends traffic to your IP, that traffic is distributed across our network infrastructure rather than hitting a single point. The attack is diluted before it reaches your actual server.

Traffic Scrubbing

All inbound traffic destined for your server IP passes through scrubbing infrastructure before reaching the server. The scrubber analyses packets in real time and filters out attack traffic while allowing legitimate game packets through. The scrubbing happens at line rate — there's no perceptible latency increase for your players during a clean period.

Behavioural Detection

The mitigation system maintains a baseline traffic profile for your server — typical packet rates, source distribution, packet sizes. When the profile deviates significantly (as it does during an attack), mitigation automatically activates within sub-second timeframes. You don't need to open a ticket or flip a switch.

Game-Aware Filtering

Generic DDoS mitigation designed for web servers will sometimes block legitimate game traffic as false positives. Our mitigation is tuned for game server traffic patterns — UDP-heavy, high packet rate, specific source port distributions. Legitimate players are not affected during an attack.

💡 Zero configuration DDoS protection is active automatically on every server from the moment it's provisioned. There are no settings to configure, no rules to write, no additional cost. It's simply always on.

What You Can Do on Your End

Infrastructure-level protection handles the network layer. There are also things you can do at the application layer to reduce your attack surface:

Keep Your IP Private

Only share your server IP in trusted channels. If you advertise your server publicly, consider using a custom domain via a DNS A record — this slightly obscures the IP and gives you flexibility to change it if needed.

If You Stream, Protect Your IP

Network packet analysis tools can extract a game server IP from a streaming player's traffic. Use a VPN on your gaming PC when streaming, or use a stream delay of at least 30 seconds, which makes live packet capture impractical.

Log Ban Reasons

Knowing why players were banned gives you a list of potential attackers if your server goes offline unexpectedly. DDoS incidents frequently follow a ban within hours.

Diversify Your Player Base

A server that has 5 extremely active players is more vulnerable to targeted attacks than one with 50 moderately active players. A single angry player represents a higher proportion of your motivation to attack on a smaller server.

What Happens During Very Large Attacks?

No mitigation system is infinitely scalable. Very large volumetric attacks (100 Gbps+) can occasionally overwhelm even enterprise-grade mitigation. This is rare — most game server attacks are in the 1–20 Gbps range, well within our mitigation capacity.

If your server experiences sustained large attacks despite mitigation, contact our support team. We can:

  • Move your server to a different IP address (the attacker now has a stale target)
  • Apply additional server-specific mitigation rules based on the attack signature
  • Enable more aggressive rate limiting for your IP specifically

We respond within the hour. We've seen this situation before, and we know how to handle it.

Summary

DDoS attacks on game servers are common, low-cost for attackers, and devastating on unprotected infrastructure. The key takeaways:

  • Shared hosting is inherently vulnerable — your attack affects other customers, so null-routing is the host's easiest solution
  • Octohost's always-on mitigation scrubs traffic before it reaches your server, with no configuration required
  • Keep your server IP private and log ban reasons to identify potential attackers
  • If a large attack does get through, contact support and we'll move or re-protect your server

Questions? Get in touch or join our Discord.