So I have this i7 3.2 GHz 6-core dedicated server running Windows Server 2008, with a 1 Gbps internet speed. Everything runs fine and nice, and the machine is strong enough to handle even up to 700 Mbps DoS attacks very easily. No lag, no problem.
From time to time we used to have big attacks, but from only 1 or 2 IPs at a time, so the CPU usage was always fine, until recently, when we discovered a whole new level of DDoS attacks!
Some guy is flooding very small SYN packets that do not exceed 40 Mbps in total, but from thousands of IPs/botnets. He is able to increase the CPU usage of the first core up to its maximum, making the server almost down and not responding to RDP. (The other 11 cores are empty, just chilling.)
The TCP port that the attacker is targeting is a closed port. I think it's just the OS (Kernel in red) that's making all that mess.
I did some research, and (not sure) I think maybe the problem is something about IRQ balancing, like I need to balance that CPU usage between the other free cores.
Anyways, the big question is: Is it possible to fix this issue within Windows itself? How the hell can he kill my server with 4% network usage, when my server was able to stay alive even at 90% network usage before?! There must be a fix for this! Anyone know about balancing the 1st core to fix this? Please help with anything you have.