Windows – How to solve DDOS attacks in Windows Server 2008 R2 / Windows Server 2012?

  • Any software for Windows
  • Writing a custom (intelligent) Microsoft Windows Firewall extension (C#/C++/C)
  • Writing a custom (intelligent) firewall for Windows
  • Installing nginx etc. on the same computer and using it as a proxy with rules.

"You could not solve all DDoS problems with software" is not an answer to this question. I want to reduce the DDoS vulnerability of my server. (It will stop low-level DDoS attacks.)

Hosted solutions or cloud services are not related to this question.

Closing some of the ports and protocols via Microsoft Windows Firewall is not related to this question.

Any idea?

EDIT After Questions

Low level, sample scenario: 500 zombie clients, each of them sending 100 custom GET/POST requests per second.

The web application is on IIS. I want to stop attacks before they reach IIS.

EDIT After Helpful Comment

How can the DDOS attack achieve its aim?

  • Exhausting bandwidth (not related to my question)
  • Exhausting the server's network hardware (NIC) (not related to my question)
  • Exhausting server resources (RAM, CPU) (Yep, I mean this)

If you stop attacks late, then you lose more resources! (Is this false?)

  • You can stop attacks at the web application level (in MVC code or in a handler)
  • You can stop attacks on IIS (Dynamic IP Restrictions)
  • You can stop attacks at lower levels (firewall ...)

When I connected to the server during the attack, IIS CPU utilization was 92-99%. And when I tried to connect to the homepage I got this error:

A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: SSL Provider, error: 0 – The wait operation timed out.)

Best Answer

You could not solve ANY DDoS problems with software.

Counteracting a Distributed Denial of Service attack is not a software problem. It is simply that your server is being overloaded with more requests than it can handle. Also, it may not be your hardware that fails. If the router your ISP is providing cannot handle the volume of connections, no amount of software on your server will help your ISP's hardware.

The only way to mitigate DDoS attacks is that somewhere upstream from your server you either need to filter the incoming requests before they focus on a single server, or distribute the requests across multiple servers. Both of these things are properties of load balancing.

Think of it like a magnifying glass. Putting your hand in the sun does not hurt, it just makes it warm. However, if you use a magnifying glass and focus all the area that was covering your hand onto a single point, it will burn you. Your server is that single point; what you need to do is put your mitigation solutions up at the magnifying-glass level. If you are at the focal point on the hand, you are too late to do anything.
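An added illustration, written for this page and not code from either poster: a small Python replay of the question's "Dynamic IP Restrictions" idea, applying a per-IP sliding-window request-rate rule (named after the maxRequests / requestIntervalInMilliseconds knobs of the IIS denyByRequestRate rule, whose exact semantics are only approximated here) over a constructed log of the 100-requests-per-second scenario. It counts every request as having reached IIS, which is the answer's point: the rule can refuse the excess, but only after the box has already accepted the connection and spent CPU on it.

```python
from collections import defaultdict, deque

# Thresholds named after the two knobs of the IIS Dynamic IP Restrictions
# denyByRequestRate rule; the exact IIS semantics are approximated here.
MAX_REQUESTS = 30
INTERVAL_MS = 300

def parse_line(line):
    """Parse a constructed log line: '<ms-since-start> <client-ip> <method> <path>'."""
    t, ip, method, path = line.split()
    return int(t), ip, method, path

def evaluate_request_rate_rule(lines, max_requests=MAX_REQUESTS, interval_ms=INTERVAL_MS):
    """Replay requests in arrival order, applying a per-IP sliding-window rate rule.

    Returns (denied_ips, served, denied). Every request counts as having arrived,
    because the rule runs inside IIS after the connection was already accepted.
    """
    windows = defaultdict(deque)
    denied_ips, served, denied = set(), 0, 0
    for line in sorted(lines, key=lambda l: int(l.split()[0])):
        t, ip, _, _ = parse_line(line)
        w = windows[ip]
        while w and w[0] < t - interval_ms:   # forget requests outside the window
            w.popleft()
        w.append(t)
        if len(w) > max_requests:             # more than maxRequests in the interval
            denied_ips.add(ip)
            denied += 1
        else:
            served += 1
    return denied_ips, served, denied

def constructed_attack_log(zombies=3, rate_per_sec=100):
    """Constructed sample traffic (not from the question): each zombie sends
    rate_per_sec evenly spaced GETs in one second, plus one ordinary visitor."""
    step = 1000 // rate_per_sec
    lines = [f"{i * step} 203.0.113.{10 + n} GET /"
             for n in range(zombies) for i in range(rate_per_sec)]
    lines += ["250 198.51.100.7 GET /", "900 198.51.100.7 GET /about"]
    return lines

if __name__ == "__main__":
    denied_ips, served, denied = evaluate_request_rate_rule(constructed_attack_log())
    print(f"denied IPs: {sorted(denied_ips)}")
    print(f"served {served}, denied {denied}: all {served + denied} requests still hit IIS")
```

With three zombies the rule denies each of them after its first 30 requests in any 300 ms window and leaves the ordinary visitor untouched, yet all 302 requests were still accepted and processed by the server before the verdict.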

