Rust servers are prime DDoS targets. Competitive raiding, grudges, and competing server owners make attacks a regular occurrence for popular servers. Here's what you need to know.
Why Rust Servers Get Attacked
Rust creates intense rivalries. When a player gets raided or banned, DDoS attacks are unfortunately a common retaliation. Attack motivations include:
- Raid protection: Attack the server while your base is being raided - attackers disconnect, loot is safe
- Revenge: Banned players attacking as retaliation
- Competition: Rival servers attacking during peak hours to steal players
- Ransom: "Pay us or we keep your server offline"
- Wipe day disruption: Attack at wipe time for maximum impact
Attack Types
Volumetric Floods
Massive amounts of UDP/TCP traffic overwhelm the network connection. Your server's pipe fills up - legitimate players can't connect even though the server process is fine.
Application-Layer Attacks
Crafted packets that target Rust's network protocol. Fake connection requests, malformed game packets, or query floods that consume server CPU.
Connection Exhaustion
Open thousands of simultaneous connections without completing the handshake. Fills the server's connection table so legitimate players get "server full" or timeout errors.
How Protection Works
Network-Level Filtering
Your hosting provider inspects traffic at the network edge. Attack traffic is identified by pattern (source, size, frequency) and dropped before reaching your server. Legitimate traffic passes through.
Game-Aware Filtering
More advanced systems understand Rust's network protocol. They can distinguish between real game packets and crafted attack traffic at the application level - catching attacks that simple pattern matching misses.
Anycast Routing
Premium providers route traffic through multiple points of presence, absorbing distributed attacks across their global network before concentrating clean traffic to your server.
What Good Protection Looks Like
On Space-Node, every Rust plan includes:
- Always-on protection: No manual activation. Attacks are filtered 24/7
- Game-aware filtering: Understands Rust's protocol, minimizing false positives
- No extra cost: Protection isn't a premium add-on
- Fast mitigation: Attack traffic filtered within seconds
- Multi-layer: Both network and application-level filtering
What You Can Do
Hide Your Real IP
If using a reverse proxy or network-level protection, ensure your actual server IP never leaks through:
- Server browser info
- DNS records
- Plugin error messages
- Community forums
Rate Limit
In your Oxide config or server startup:
server.maxpacketspersecond 500
server.maxpacketsize 4096
These prevent individual connections from flooding the server process.
Monitor
Watch for warning signs of incoming attacks:
- Unusual connection attempts from many IPs
- Spike in query requests
- Network utilization climbing without player count increase
Have a Plan
When an attack happens:
- Verify with your host that mitigation is active
- Check if your server process is still healthy
- Communicate status to your community (Discord)
- Don't engage with attackers or pay ransoms
- Document for potential legal action
DDoS protection isn't optional for public Rust servers. The question isn't if you'll be attacked, but when. Choose hosting with protection built in from the start.
