Is there a way to block DDoS attacks in the Windows operating system? Any firewall or settings I can use to stop these DDoS attacks?
DDoS attacks are not uncommon these days. What matters most is the scale of the attack hitting your server and whether you are ready for it. An operating system comes with certain tools that can be used to identify and mitigate DDoS attacks. Frankly, though, for a DDoS attack of large magnitude it is better to be equipped with external firewalls and tools.
Here are some steps you can follow that would help you in the event of a DDoS attack.
Identifying the attacks
Before you can do anything about the attack, you need to identify that you are under a DDoS attack in the first place. The most basic command for viewing all active network connections in Windows is the "netstat" command. It can also be used to view the number of active connections on a particular port. The "netstat" command can be used with different options. Here is a reference for the "netstat" options:
-n = Displays all active TCP connections, with addresses and port numbers shown in numeric form.
-a = Displays all the TCP and UDP ports with their state.
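As an added example (not part of the original article), the PowerShell below counts connections per remote address on one local port from `netstat -an` output and reports how many are half-open (SYN_RECEIVED), which is the pattern to look for when checking whether a port is being flooded. The function name `Get-ConnectionSummary`, the port, the threshold and the sample rows are assumptions made for illustration; the sample uses documentation-range addresses.

```powershell
# Constructed sample of `netstat -an` output (documentation-range addresses).
# On a live server use instead:  $lines = netstat -an
$sample = @'
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    192.0.2.10:80          198.51.100.7:50112     ESTABLISHED
  TCP    192.0.2.10:80          198.51.100.7:50113     SYN_RECEIVED
  TCP    192.0.2.10:80          198.51.100.7:50114     SYN_RECEIVED
  TCP    192.0.2.10:80          203.0.113.25:61001     ESTABLISHED
  TCP    192.0.2.10:3389        203.0.113.25:61002     ESTABLISHED
  UDP    0.0.0.0:53             *:*
'@
$lines = $sample -split '\r?\n'

# Hypothetical helper: summarise TCP connections to one local port by remote IP.
function Get-ConnectionSummary {
    param(
        [string[]]$NetstatLines,
        [int]$LocalPort = 80,
        [int]$Threshold = 3   # assumed alert level; tune it to your normal baseline
    )
    $conns = foreach ($line in $NetstatLines) {
        # TCP rows: proto, local addr:port, foreign addr:port, state (UDP rows have no state)
        if ($line -match '^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$') {
            # Keep only real connections to the chosen port, not the listening socket
            if ([int]$Matches[2] -eq $LocalPort -and $Matches[5] -ne 'LISTENING') {
                [pscustomobject]@{ RemoteIP = $Matches[3]; State = $Matches[5] }
            }
        }
    }
    $conns | Group-Object RemoteIP | ForEach-Object {
        # Half-open connections pile up during a SYN flood
        $halfOpen = @($_.Group | Where-Object State -eq 'SYN_RECEIVED').Count
        [pscustomobject]@{
            RemoteIP = $_.Name
            Total    = $_.Count
            HalfOpen = $halfOpen
            Flagged  = ($_.Count -ge $Threshold)
        }
    } | Sort-Object Total -Descending
}

Get-ConnectionSummary -NetstatLines $lines -LocalPort 80 -Threshold 3 |
    Format-Table -AutoSize
```

Addresses marked as flagged are candidates for a blocking inbound rule of the kind described in the firewall section.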
Blocking the attack - Firewall
The Windows firewall lets the user create rules to control inbound as well as outbound traffic. We will walk you through the process of creating rules in Windows Server 2012.
1. Click on Server Manager on the Task Bar.
2. Go to the Tools menu and click on Group Policy Management.
3. Click on Windows Firewall with Advanced Security.
4. In the navigation pane, you will see an option Inbound Rules.
5. Click on the "Action" option to create new rules.
6. A dialog box will open that contains options like Program, Port, Predefined and Custom.
7. You can create the rules as per your requirements.
However, the internal firewall of an operating system is only capable of stopping a DDoS attack of small proportion. Generally, a DDoS attack on a server is large in magnitude because it comes from numerous hosts. Hence, it is recommended to use the services of a hardware firewall and scrubbing centers along with your basic firewall.