
I am administering a Windows 2008 server (64-bit). It is being subjected to a focused set of DoS attacks where UDP packets are sent to a specific port and contain a specific string.

What I need to do is rate-limit UDP traffic to that port on a per IP basis, and specifically if I can filter by string then it will accomplish everything I want. For example, block UDP traffic from any individual IP containing string "status" if the rate from that IP is greater than 5 per sec, and allow all else.

This can be done on Linux with iptables, so is there a way to do it on Windows, or at least get something close?

T3RCX

1 Answer


If it's a true DoS, this isn't going to help much. The requests are still going to clog your pipe whether your server answers or not. By dropping that traffic, you're just delaying the inevitable exhaustion of resources.

To truly combat a real DoS, you should contact your ISP and ask them to drop the offending traffic while it's still on their backbone, before it ever touches your connection.

That said, there is no native facility in Windows to handle this. The Windows Firewall is lacking in features when compared to iptables or pf. 2008 and 2008 R2 have come a long way, but this set of features is still lacking. You should put a dedicated hardware firewall or a Linux/BSD box acting as a firewall in front of it if you wish to accomplish this.

MDMarra
Thanks for the response. If I use basic Windows security to block the attacking IPs, my problem is solved except for the fact that the attacker can just change IP and continue, so that's what I really need to overcome. – T3RCX Feb 01 '12 at 22:18
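For readers who want to see what the rule the question describes actually does, here is an added example that is not part of the question, the answer, or any product's code. It models the iptables `hashlimit` plus `string` match behaviour ("drop UDP to port X containing "status" from any source IP that sends more than 5 per second, allow everything else") as a per-source-IP token bucket in Python, runs it over a constructed packet stream (the port 27015 and the 203.0.113.x / 198.51.100.x addresses are assumptions, not values from the page), and, for the fallback the comment mentions, emits the `netsh advfirewall` rule that would block an offending source on the Windows host itself. Whether a filter in front of the server can afford to do payload inspection at the attack's packet rate is a separate question; this only shows the decision logic.

```python
"""Per-source-IP rate limit on UDP packets carrying a marker string.

Added example: a token bucket keyed by source IP, equivalent in spirit to
`iptables -m udp --dport P -m string --string "status" -m hashlimit
--hashlimit-mode srcip --hashlimit-above 5/s -j DROP`. All packets below
are constructed for the demonstration, not captured traffic.
"""
from dataclasses import dataclass


@dataclass
class Packet:
    t_ms: int       # arrival time in milliseconds (integers keep refill math exact)
    src: str        # source IP address
    dport: int      # destination UDP port
    payload: bytes  # UDP payload


@dataclass
class Bucket:
    tokens: float   # credits currently available to this source
    last_ms: int    # time of the last refill


class HashLimit:
    """Token bucket per source IP: refill `rate` tokens per second up to `burst`."""

    def __init__(self, rate: float = 5.0, burst: int = 5):
        self.rate = rate
        self.burst = burst
        self.buckets: dict[str, Bucket] = {}

    def allow(self, src: str, now_ms: int) -> bool:
        b = self.buckets.get(src)
        if b is None:
            # A source we have not seen starts with a full bucket.
            b = Bucket(tokens=float(self.burst), last_ms=now_ms)
            self.buckets[src] = b
        elapsed_s = (now_ms - b.last_ms) / 1000.0
        b.tokens = min(float(self.burst), b.tokens + elapsed_s * self.rate)
        b.last_ms = now_ms
        if b.tokens >= 1.0:
            b.tokens -= 1.0
            return True
        return False


def filter_packets(packets, port: int, marker: bytes, rate: float = 5.0, burst: int = 5):
    """Split packets into (accepted, dropped).

    Only packets to `port` whose payload contains `marker` are charged against
    the per-source bucket; everything else passes, as the question asks.
    """
    limiter = HashLimit(rate, burst)
    accepted, dropped = [], []
    for p in sorted(packets, key=lambda p: p.t_ms):
        subject = p.dport == port and marker in p.payload
        if subject and not limiter.allow(p.src, p.t_ms):
            dropped.append(p)
        else:
            accepted.append(p)
    return accepted, dropped


def netsh_block_rule(src: str, port: int, name: str = "Block UDP flood") -> str:
    """Windows Firewall rule (netsh advfirewall syntax) blocking one source IP.

    This is the per-IP block the comment above refers to; it has to be re-issued
    for every new source the attacker moves to, which is the limitation noted.
    """
    return (f'netsh advfirewall firewall add rule name="{name} {src}" '
            f"dir=in action=block protocol=UDP localport={port} remoteip={src}")


def build_sample_stream(port: int = 27015) -> list[Packet]:
    """Constructed traffic: one flooder at 20 packets/s, one normal client."""
    attacker, client = "203.0.113.7", "198.51.100.9"
    pkts = [Packet(t * 50, attacker, port, b"\xff\xff\xff\xffstatus") for t in range(20)]
    pkts += [Packet(t, client, port, b"\xff\xff\xff\xffstatus") for t in (100, 600, 900)]
    pkts.append(Packet(500, attacker, port, b"\xff\xff\xff\xffping"))       # no marker
    pkts.append(Packet(520, attacker, port + 1, b"\xff\xff\xff\xffstatus")) # other port
    return pkts


def offending_sources(dropped) -> list[str]:
    """Sources that exceeded the limit, in first-seen order."""
    return list(dict.fromkeys(p.src for p in dropped))


if __name__ == "__main__":
    accepted, dropped = filter_packets(build_sample_stream(), 27015, b"status")
    print(f"accepted={len(accepted)} dropped={len(dropped)}")
    for src in offending_sources(dropped):
        print(netsh_block_rule(src, 27015))
```

With the constructed stream the flooder gets its initial burst of 5 plus roughly one packet per 200 ms thereafter, so 9 of its 20 marker packets pass and 11 are dropped, while the normal client, the non-marker packet and the packet to the other port are untouched.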