How can I limit the UDP/TCP packets per IP sent to my host (or better, port) per second or minute?
It would be nice to ban that IP for 12/24 hours or even forever.
I've got Windows Server 2008 and I'm very poor at Windows administration but quite good at Linux.
EDIT:
My basic problem is that they are sending a lot of rubbish UDP and TCP packets: TCP packets without SYN, fragmented UDP packets, so my servers stop responding.
So I need to cut off users (IPs) sending more than X packets per second. I need a solution which gives me, somehow, a configurable rule:
X packets of a certain type (UDP, TCP or both, let's say a parameter named Z) are allowed to be received by IP on port Y, otherwise the packet should be DROPPED.
My virtual hosts are hosted by VirtualBox and I'm able to forward all incoming packets of a certain type and on a certain port to a specific virtual host, but I need to DROP them before my VirtualBox receives them.
Best Answer
To be honest with you, DDoS attacks are very hard to remediate without creating redundancy at the network and server level, load balancing, and blocking offending machines. Even then, if there is such a coordinated effort to bring you down and they have more resources than you, well, you are SOL.
What I would recommend as the best solution would be to invest money in a hardware solution to weed out bad traffic. The Juniper SRX branch firewalls support DDoS protection and other cool features to protect your network on a relatively accessible budget.
The second solution would be to use a software-based firewall and create custom scripts that poll the network usage and react by blocking this device.
I would recommend WIPFW (http://wipfw.sourceforge.net/), which comes from the BSD world.
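The question's per-IP limit (X packets, port Y, protocol Z) combined with the answer's custom-script approach, as an added example that is not part of the original post or of WIPFW. The packet records are constructed, the class and function names are hypothetical, and the emitted rule strings assume WIPFW accepts standard ipfw `deny` syntax.

```python
from collections import defaultdict, deque

class PerIpRateLimiter:
    """Ban a source IP sending more than x packets per window to port y, protocol z."""

    def __init__(self, x, y, z="both", window=1.0, ban_seconds=12 * 3600):
        self.x, self.y, self.window, self.ban_seconds = x, y, window, ban_seconds
        self.protos = ("tcp", "udp") if z == "both" else (z,)
        self.recent = defaultdict(deque)  # source IP -> packet times inside the window
        self.banned = {}                  # source IP -> time the ban ends

    def observe(self, ts, proto, src, dport):
        """Classify one packet record as 'pass', 'ban' (limit just exceeded) or 'drop'."""
        if proto not in self.protos or dport != self.y:
            return "pass"                 # not the traffic this limiter covers
        if src in self.banned:
            if ts < self.banned[src]:
                return "drop"
            del self.banned[src]          # ban has run out
        times = self.recent[src]
        times.append(ts)
        while times[0] <= ts - self.window:
            times.popleft()               # forget packets older than the window
        if len(times) > self.x:
            self.banned[src] = ts + self.ban_seconds
            del self.recent[src]
            return "ban"
        return "pass"

    def deny_rules(self, src):
        """Rule strings in standard ipfw syntax (assumed to be accepted by WIPFW)."""
        return [f"ipfw add deny {p} from {src} to any {self.y}" for p in self.protos]

def replay(limiter, records):
    """Run (ts, proto, src, dport) records through the limiter; return rules for new bans."""
    rules = []
    for ts, proto, src, dport in records:
        if limiter.observe(ts, proto, src, dport) == "ban":
            rules += limiter.deny_rules(src)
    return rules

# Constructed sample: 203.0.113.7 floods UDP port 27015, 198.51.100.20 behaves normally.
SAMPLE = sorted([(i * 0.01, "udp", "203.0.113.7", 27015) for i in range(30)]
                + [(i * 0.5, "udp", "198.51.100.20", 27015) for i in range(6)]
                + [(0.2, "tcp", "203.0.113.7", 80), (50000.0, "udp", "203.0.113.7", 27015)])

if __name__ == "__main__":
    for rule in replay(PerIpRateLimiter(x=20, y=27015, z="udp"), SAMPLE):
        print(rule)
```

Source addresses on UDP and SYN-less TCP packets can be forged, so a per-IP ban can end up blocking a legitimate address; an allowlist for known peers is worth adding before rules are applied automatically.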