Is there any way to limit the incoming packets from the same IP address to X per second? We run specific types of services (game servers) on our machines, and a lot of exploits for it rely on spamming 70-100 empty packets to it.
Rate Limit Packets with Windows Firewall 2008
rate-limitingwindows-firewallwindows-server-2008
Related Solutions
I've enabled the Windows Firewall policy to allow traffic on 137 and 138, as those should be allowed - after doing some investigation it doesn't seem like there's anything untoward going on.
As for the other higher ports, I've discovered the applications on the network which are sending the other traffic I mentioned and will look at blocking them at the client-side.
Firstly, there was a lot of traffic coming from UDP port 17500 - this is used by Dropbox to discover other Dropbox clients in the network to perform network sync, thereby eliminating Internet transfer between users within the same network. We have a few staff members who use Dropbox for personal things, hence the network noise from that.
The other, 51515 was coming from Winamp on one machine. I'm yet to discover what Winamp is broadcasting like that for, but I'll post/edit soon if I figure it out.
As for removing the noise from the event log, I'll be using this command:
auditpol /set /subcategory:"Filtering Platform Packet Drop" /success:disable /failure:disable
How failure auditing got turned on in the first place - I'm not sure!
Here is Wikipedia's handy chart of the pursuit of nines:
Interestingly, only 3 of the top 20 websites were able to achieve the mythical 5 nines or 99.999% uptime in 2007. They were Yahoo, AOL, and Comcast. In the first 4 months of 2008, some of the most popular social networks, didn't even come close to that.
From the chart, it should be evident how ridiculous the pursuit of 100% uptime is...
Related Topic
- Linux – Should I rate-limit packets with iptables
- Windows Server 2008: Limit UDP/TCP packets per IP or ban
- Iptables – apache rate limit best practice
- Rate Limit Misconfigured Bots in Nginx
- Ubuntu – Limit number of incoming packets per second for a INPUT UDP port [per IP only, not globally] [Ubuntu IPTables]
Best Answer
Have you looked into Policy-Based QoS? Depending on the protocol they are sending those packets in, you could be able to limit it with that.
Here's the location of the Policy:
Group Policy Manager > Computer Configuration > Policies > Windows Settings, right-clickPolicy-based QoS> clickCreate new PolicyHere's all the values.
If they are sending the blank packets on the same port as your game runs on, this probably won't work.