(12-30-2018, 10:53 AM)tryp4vps Wrote: Are outgoing packets monitored as well?
It is interesting though. Your way is indeed powerful for banning all malicious activities in your whole network. Perhaps it is a bit too powerful for lower risk usages like hosting normal websites.
Is there an option to allow users to disable the ShadowCrypt MPF (Malicious Packet Filter)? For lower risk usages I feel Hetzner's Anti-DDoS should be strong enough.
ShadowCrypt's MPF is never going to block you from performing "high usage" or "critical moments" where VPS's power is used at max. It is only made for monitoring incoming and outgoing "mass malicious packets" where it detects its method, for example "TCP SYN, TCP RST, ABUSEDB", etc. It only detects & block the "ddos/dos" based packets.
However, if you want it to be put down, you can open a ticket. But for security reasons and default configuration, we cannot close/put down Hetzner's Anti-DDoS mechanism.
To be frankly honest, outgoing packets monitoring are in beta mode and if any "attack" based packets are detected by our MPF mechanism, it would suspend the VPS automatically. Or maybe not, depends on situation and detection. It has been tested against spoofing attacks where our mechanism shuts down the VPS's network if any spoofing based DDoS attacks are made from our network.