Make Arma, Not DDoS: How we defeated DDoS attacks in Arma Reforger

When we entered the Arma Reforger market in November of 2025, we noticed a significant gap in the market for effective DDoS mitigation specific to the game. Many servers were experiencing high-volume UDP flood attacks that were designed to bypass generic mitigation appliances like Corero, Arbor, FlowSpec, etc.

The dominant pattern at that time (and still is) was garbage UDP and amplification traffic designed to exhaust the server's uplink:

Excuse the usage of AI here, we haven't nailed the creativity for diagrams yet...

Imagine you had a pipe that could only handle 1 liter of water per second, and someone was pouring 2 liters of water per second into it. The excess water would overflow and cause a mess. In the case of DDoS attacks, the "water" is the malicious traffic, and the "pipe" is the server's network connection.

This brings me onto my next point: it's all well and good to say you have multi-terabit DDoS mitigation capacity, but that means absolutely nothing if you can't identify and block the attack. It's a bit like having a piece of flex tape that can patch a leak, but if you can't find the leak, the tape is useless.

Anyway, I digress...

Part 1: The first critical deployment

We were approached by a top NA community that was seeing sustained attacks causing significant downtime and disruption to their servers, making players unhappy and ruining their reputation.

To put it into perspective, players would load into the server, spend time levelling up and building their loadouts (barbies, smh) only for the server to drop out within 10 minutes and force them to start over again. This was a nightmare, both for players and the staff of the community dealing with the backlash and blame for not being prepared for the attacks. Luckily, we were!

We migrated them onto our infrastructure, built and shipped a custom mitigation profile for the game, and immediately started dropping all attack traffic towards their server — all within two hours.

The following day, the attackers tried to launch multiple attacks with varying patterns and sizes (up to 800Gbps) in an attempt to bypass our mitigation filter, but were ultimately blocked:

After this, the attackers became increasingly frustrated (understandably so) and started launching attacks towards other parts of our business in an attempt to get a reaction. However, we were able to quickly identify and block these attacks as well which had no effect on the customer.

In the end, players were happy again, and the server's reputation was saved. To this day, they remain one of the top NA servers for the game, all thanks to sleepless nights and rapid iteration on our mitigation profile that stopped their community from going 6ft under.

Part 2: The aftercare for evolving attack patterns

After the initial deployment, we continued iterating on our profile for the game as attackers continued probing for bypass opportunities, so we expanded detection depth and tightened handling for edge-case traffic patterns.

In the January and February timeframes, we observed a significant drop in attack traffic towards our protected servers, while unprotected servers continued to see high volumes of attacks. This was a clear signal that our mitigation was effective and that attackers were shifting their focus to unprotected targets on other providers that had not or did not implement game-specific mitigation properly.

Part 3: A more sophisticated wave

In March, a different type of attack started appearing, targeting our clients after repeated and failed attempts to overwhelm our network with up to 20Tbps of volumetric floods:

This novel attack vector that we identified was intentionally low-bandwidth and perfectly resembled legitimate game traffic with one goal in mind: rapidly driving resource exhaustion to cause server instability, packet loss and crashes.

This was a more complex attack to mitigate as it near-perfectly imitated the behaviour of a legitimate game client at scale (hence why it bypassed our mitigation layers), and leading up to now was the only potential attack vector that could get through our existing mitigation solution for the game.

As soon as we identified the vector (and confirming our suspicions that it was this long-awaited vector that we've been waiting for) we rapidly built upon the existing experimental solution that we had lying around for this vector that we had previously written in advance - we grabbed some players for testing from one of our clients and got it fully tested and deployed in under two hours.

Where we stand now

Our current DDoS mitigation solution for the game is now at a point where we're comfortable in saying that it can perfectly mitigate every single attack thrown at it.

It's of course an ongoing battle as always, and I'm sure someone will find a way around it at some point, but it's probably the most robust and effective mitigation for the game on the market right now, and we're proud of that.

The only thing we need to look out for moving forward is volumetric attacks that are large enough to cause capacity issues for us and our upstreams, but we're confident in our ability to handle those as well.

Thanks for reading, it's been a fun journey, and we're excited to keep pushing the boundaries of DDoS mitigation for gaming, and you can read more about our DDoS mitigation services here if you're interested.

P.S: If you're interested in protecting your clients (as a hosting provider) or your community (as a server owner) from game-specific DDoS attacks like the ones described in this post, feel free to reach out - we provide remote DDoS mitigation and DDoS mitigated game servers at affordable prices.