Okay so tell me if I'm crazy here.

I run some game servers using Hetzner. Dedicated, 2vcpu. Recently some script kiddies have decided to attack my servers, using whatever bootleg lagbots they have.

I set up nftables rules to drop the traffic, but the problem is they're sending so much (~150mbps) traffic with a ridiculous number of packets to the point where even the act of filtering and dropping the packets is too much for the CPU to handle.

Apparently this isn't recognized as a DDoS attack by hetzner. Am I just fucked? The firewall contrils they provide are whitelist only and have basically no complexity. Do the nft rules just need to get moved to closer to the kernel level or something? I'm at a loss

>>105920128 (OP)
I'm reading that fucking with XDP would be a lot faster. How true is that? Or is it negligible?

>muh bootleg spambots
>meanwhile freetardo can't handle 150 mbps
can't make this shit up

lil bros using our home wifi to host a minecrap server with insufficient dedotated wam

>>105920128 (OP)
>Dedicated
>2vcpu
wat

>>105920128 (OP)
Of course Herzner doesn't call it a DoS because they're a shit provider and trying to scam you in meme bandwidth pricing. Enjoy your retard high bill. Now you know why (((Cloudflare))) exists.

>>105920354
always a (you)

Freetard discovers why cloudflare grew 1000% in six years

>>105920128 (OP)
are you sure its your CPU thats throttling? I've never heard of that in a DOS attack. Usually you exhaust your bandwidth long before your CPU. CPUs are giga fast and can process things much faster than we can send through the line.

Maybe Hetzner is lying to you.

>>105921361
yeah wtf are you talking about OP?

>>105920128 (OP)