Hetzner Failed DDOS Firewall

ankesh · January 23, 2022, 12:03pm

Recently, someone asked my help regarding their offline server. I checked that the server was offline but OS was still ON from KVM console. When tried restarting, it stuck on Intel Boot agent DCHP client Check which was a sure sign of a DDOS attack but hetzner has a DDOS protection, then how did it happen!

It happened because an Internal Hetzner server from DC was sending packets on 5000+ UDP Ports. That simply means hetzner had a DDOS prevention from outside their network only and cannot defend servers against internal DDOS attacks. To even boot up the server, I had to apply robot firewall to drop all connections, then configured manual firewall CSF through KVM and fire up the OS again!

Just wanted to share this nightmare! (No disrespect to Hetzner, I still love their services)(At least OVH knows about their customers and has an internal Mitigation as well, though their support S**K)

mfs · January 23, 2022, 2:23pm

Could you share the DC where this happened?
Did you open a ticket with them?

ankesh · January 23, 2022, 2:33pm

FSN1-DC18 (Falkenstein)
[Ticket#2022012203011738] Server - Remote Console (KVM) Appointment
We did open a ticket first but they said they cannot do anything about it. Their proposed solution was block the IP address using hetzner Firewall and Open an abuse ticket with them! However, their KVM console was enough for me to know what was happening. (Also, blocking 1 IP won’t help in a DDOS attack )

Hetzner_OL · January 28, 2022, 4:03pm

Hi @ankesh - I am having trouble at the moment trying to track down someone who can help tell me about this ticket. I am sorry that you had a negative experience with us. We do try to improve our anti-DDoS system on a regular basis. I will try to pass on your feedback here to the right colleagues. --Katie