2

How to prevent DDoS attacks on Windows/IIS servers ?

Joseph
  • 1,726
  • 3
  • 19
  • 22
nitins
  • 2,527
  • 15
  • 42
  • 65

5 Answers5

6

There are some fairly good answers in this question

gharper
  • 5,365
  • 4
  • 28
  • 34
2

I tend to install a firewall in front of it with a limit on the number of SYN packets per second.

tomdeb
  • 709
  • 1
  • 7
  • 10
0

I understand what i write here is not a solution for you. But, i would suggest that you look at these points while selecting a Distributed DoS protection solution.

A DDoS is typically a difficult problem. You tend to finally limit the service in some way while protecting the server and end up with a denial of service any way.

If there was a distributed DoS that hit your server at (say) 100 requests per second (a very conservative figure) and your server typically saw about 10 valid requests per second. If you were to limit the requests in some way, it is likely that the valid requests would be blocked in the process, making you part of the distributed DoS operation.

A better solution would be to setup a track of number of requests per source or better, a source subnet, and started blocking or limiting the sources that cross some thresholds.

nik
  • 7,040
  • 2
  • 24
  • 30
0

If the DDos hits your server, it is too late. You have to put a protection in front of your server. As mentioned, a lot of firewalls have built-in protections against DDos. For a cheaper solution, you could put a Linux or BSD box in front of your computer with a specialized distribution. Check out this page for some of these distributions

Julien
  • 1,028
  • 1
  • 12
  • 24
0

Maybe the following software will help you: http://www.helicontech.com/ape/doc/mod_evasive.htm

But hardware protection is more effective, I think.