How to solve DDOS attacks in Windows Server 2008 R2 / Windows Server 2012?

-3

  • Any software for Windows
  • Writing a custom (intelligent) Microsoft Windows Firewall extension (C#/C++/C)
  • Writing a custom (intelligent) firewall for Windows
  • Installing nginx etc. on the same computer and using it as a proxy with rules.

"You could not solve all DDoS problems with software" is not an answer to this question. I want to reduce the DDoS vulnerability of my server. (It will stop low-level DDoS attacks.)

Hosted solutions or cloud services are not related with this question.

Closing some of the ports and protocols via Microsoft Windows Firewall is not related with this question.

Any idea?

EDIT After Questions

Low level (sample scenario: 500 zombie clients and each of them sending 100 custom GET/POST requests per second)

The web application is on IIS. I want to stop attacks before they reach IIS.

EDIT After Helpful Comment

How can the DDOS attack achieve its aim?

  • Exhausting bandwidth ( Not related with my question)
  • Exhausting network hardware of server (NIC) ( Not related with my question)
  • Exhausting server resources (RAM,CPU) (Yep, I mean this)

If you stop attacks late, then you lose more resources! (Is this false?)

  • You can stop attacks on Web Application Level (in ASP.NET MVC code or in a handler)
  • You can stop attacks on IIS (Dynamic Ip Restrictions)
  • You can stop attacks on lower levels (Firewall ..)

EXTRA INFO ABOUT THE LAST ATTACK (7 Hours ago)

When I connected to the server during the attack, IIS CPU utilization was 92%-99%. And when I tried to connect to the homepage I got this error:

A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: SSL Provider, error: 0 - The wait operation timed out.)

ozz

Posted 2013-05-08T22:55:43.583

Reputation: 111

Question was closed 2013-05-12T00:53:34.893

1 How about important information? Apache or IIS? What version of IIS or Apache? Closing unused ports IS a solution to this problem. Your question is too broad at this time and thus the downvote. – Ramhound – 2013-05-08T23:02:25.923

1 What do you consider a "Low Level DDOS attack"? Perhaps you are using the wrong term and that is confusing everyone. – Scott Chamberlain – 2013-05-08T23:05:57.443

Answers

6

You could not solve ANY Ddos problems with software.

Counteracting a Distributed Denial Of Service attack is not a software problem. It is simply that your server is being overloaded with more requests than it can handle. Also, it may not be your hardware that fails. If the router your ISP is providing you cannot handle the volume of connections, no amount of software on your server will help your ISP's hardware.

The only thing to mitigate DDOS attacks is somewhere upstream from your server you either need to filter the incoming requests before it focuses on a single server or distribute the requests across multiple servers. Both of these things are properties of Load Balancing.

Think of it like a magnifying glass. Putting your hand in the sun does not hurt, it just makes it warm. However, if you use a magnifying glass and focus all that area that was covering your hand to a single point, it will burn you. Your server is that single point; what you need to do is put your mitigation solutions up at the magnifying glass level. If you are at the focal point of the hand, you are too late to do anything.

Scott Chamberlain

Posted 2013-05-08T22:55:43.583

Reputation: 28 923

Scott, I can understand you but there is no budget for it. So if we are going on with your sample, I'm trying to find/produce high quality sun oil :) – ozz – 2013-05-08T23:35:37.850

I will definitely use a mitigation service (cloud, cisco guard vs..) But for now I need a cheaper solution. Attacks are about 100Mbit HTTP requests. – ozz – 2013-05-08T23:38:53.407

1 There is no free/cheap solution to DDOS attacks. Your only two choices are either sit through it till they decide to go somewhere else or pay money for hardware to mitigate it. To address your edit, you have to spend resources to filter out the legitimate traffic from the bad; yea, you can stop it from hitting IIS but I doubt IIS is your bottleneck at those volumes. – Scott Chamberlain – 2013-05-09T00:01:37.520

We got attacks 7 hours ago. I connected to the server via Remote Desktop. IIS CPU utilization was 92%-99%. What is your opinion about that? And when I tried to open the default page I saw this message: A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: SSL Provider, error: 0 - The wait operation timed out.) Any idea? – ozz – 2013-05-09T00:06:04.843

1

If you can identify the IPs performing the connections you may be able to firewall them. However, the level of this discussion might be better suited for ServerFault. I would open a question there about how to set up a system to block IPs that are flooding the server. I know there are Auto Ban scripts for Linux, but I have no idea on the Windows side how to set that up and integrate it with IIS.

– Scott Chamberlain – 2013-05-09T01:19:08.957
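The step suggested in the last comment (identify the flooding IPs, then firewall them), as an added example that is not part of the original thread: it reads IIS W3C log lines, counts requests per client IP per second, and builds a `netsh advfirewall` block rule for the offenders without running it. The sample log, the thresholds (`max_per_second`, `min_bad_seconds`) and the rule name are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample in IIS W3C extended log format (not taken from the thread).
SAMPLE_LOG = (
    "#Software: Microsoft Internet Information Services 7.5\n"
    "#Fields: date time s-ip cs-method cs-uri-stem s-port c-ip sc-status time-taken\n"
    + "".join(  # one client sending 100 requests in each of three seconds
        f"2013-05-08 22:10:0{s} 10.0.0.5 GET /search 80 203.0.113.7 200 15\n"
        for s in range(3) for _ in range(100))
    + "".join(  # an ordinary visitor, one request per second
        f"2013-05-08 22:10:0{s} 10.0.0.5 GET /default.aspx 80 198.51.100.23 200 15\n"
        for s in range(3))
)

def flooding_ips(log_text, max_per_second=50, min_bad_seconds=2):
    """Return client IPs exceeding max_per_second in at least min_bad_seconds seconds."""
    fields, per_second = [], Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column layout can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        try:
            # Only well-formed addresses may reach the firewall command line.
            ip = str(ipaddress.ip_address(row["c-ip"]))
        except (KeyError, ValueError):
            continue
        per_second[(ip, row.get("date"), row.get("time"))] += 1
    bad_seconds = Counter(ip for (ip, _, _), n in per_second.items()
                          if n > max_per_second)
    return sorted(ip for ip, secs in bad_seconds.items() if secs >= min_bad_seconds)

def netsh_block_command(ips, rule_name="Block HTTP flood (example)"):
    """Build (not run) a Windows Firewall inbound block rule for the given IPs."""
    if not ips:
        return None
    return ('netsh advfirewall firewall add rule name="%s" dir=in action=block '
            'remoteip=%s' % (rule_name, ",".join(ips)))

if __name__ == "__main__":
    offenders = flooding_ips(SAMPLE_LOG)
    print(offenders)
    print(netsh_block_command(offenders))
```

Clients behind a shared NAT or proxy appear as a single `c-ip`, so the thresholds need tuning against normal traffic before any generated rule is applied.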