This is a typical problem with game servers. Theirs a lot of people who know how to ddos who involve themselfs in this industry. I am wondering if anyone has a full proof method to block doss attacks, or whats the best method in dealing with a nonstop doss attack on a game server. Thank you

http://configserver.com/cp/csf.html

Correct me if I am wrong - but using any kind of firewall is far from optimal as it will affect the game server performance.
However a slightly less performing game server might be better then a non-responsive due to ddos ;-)

The 100% bullet-proof protection DOES NOT EXIST.
You might be able to push for 99% with high-end hardware upgrades - Which does cost fortune.

But for as an regular living beings, there is still solutions to protect ourselves.
It all depends on how strong the DDOS attacks are, and how many "zombie" computers aka botsnets you got after you. As being an game server i doubt you would need any of the high-end updates to protect yourself, since the DDOS attacks does cost quite some money/resources.

http://configserver.com/cp/csf.html might be helpful, however there are more measures you can take protect yourself.

It would be an detecting the zombie computers, and blocking them with help of snort - www.snort.org

If your connection is being flooded out, you will need talk to your bandwidth provider about either increasing its capacity or implementing a solution on their end to filter the offending traffic.

If your connection is not being flooded out, then you can explore DDoS mitigation options on your side, either in the form of software firewall rules or 3rd party hardware+software solutions. But, on a small-scale network, often it's easiest to just maintain the internal network capacity, from your transit link through to each server, so that you can simply withstand the attack. Most DDoSes are short-lived, and in the case of one that is not, you'll generally want to talk to your provider about getting it blocked, anyway, since it could be costly for you otherwise.

There is no "fool proof" method to handling DDoS attacks. You will be able to mitigate some attacks depending on their size and type and what software and hardware you're using but ultimately there is going to be a limit as to the maximum amount of data you can mitigate per second.

try using dos_deflate with bfd,you will see a magical effect on your server performance,i used it and very much satisfied with this script,

This is a typical problem with game servers. Theirs a lot of people who know how to ddos who involve themselfs in this industry. I am wondering if anyone has a full proof method to block doss attacks, or whats the best method in dealing with a nonstop doss attack on a game server. Thank you

Either null route the ip or unplug the machine. Those are your 2 choices. Any decent hacker wouldn't simply use a set of ips to slam you therefore firewalls are pretty useless for blocking this type of attack.

Correct me if I am wrong - but using any kind of firewall is far from optimal as it will affect the game server performance.
However a slightly less performing game server might be better then a non-responsive due to ddos ;-)

I've never had any performance issues, however it is a pain ill admit to configure ever single port specially if a new game comes out or whatever hehe.

I would say start with the simplest thing first...

Run an update <- so many people I know fail to do the most basic step.

then install and decent firewall, start with the one as mentioned above.

see what happens when this is in place.

start small there no point spending 29378492873497298 if doing the above steps can solve 99.9% of issues.

Restricting the ports/fire-walling is the only method to reduce the majority of your issues.

Getting DDoS'ed is not uncommon for game server providers, infact, it happens quite often due to the owners of the individual game servers start conflicts with other communities/people.

Some things can be done on the server level, however, the usual outcome is null routing the IP which can affect everyone else on the server. The best bet would be to have every server on it's own IP addresses (they are cheap enough) so if your provider works with you, you can null only that IP address and know which customer to terminate.