Do not use firewall to deal with CC attacks

Content Abstract: When a server is under CC attack, the legendary server will shut down Port 7000 because the fault has been blocked, run the netstat-An command to view the server symptoms when the same record is under CC attack.

When a server is under CC attack, the legendary server will shut down Port 7000 because the fault has been blocked, the command netstat-An shows the same record as the following:

... 7000 219.128.90.43 3741 syn_received

Among them, 219.128.90.43 is the proxy attack IP address, and syn_received is the attack feature. There are many such records. Different proxy attacks

Determine the corresponding method taken after the CC attack: when other types of DDoS attacks are excluded, IP policies can be set for CC attacks to deal with the attack. Take the IP address 219.128.90.43 as an example, we use an IP address block to defend against attacks (as if someone on the Forum asked me how to block the IP address segment. Here we also provide Method )

Open the local security settings, click "IP Security Policy, on the local machine" -- create an IP Security Policy -- next -- enter the name, for example, enter block, and then click Next, the prompt is, until it is finished. At this time, a policy named "Block" is created.

Next, "IP Security Policy, on a local machine "-- Management IP Filter table and filter operation ---- add 75.156.25 name (to identify the IP segment) ---- add ---- next ---- select a specific IP subnet as the source address, change the IP address 75.156.25.0 subnet mask to 255.255.255.0 ---- next step ---- select my IP address as the target address ---- next step ---- Protocol Type: Any ---- next ---- close all

Next, we start to create a policy named "Block". Click "attribute"-"add"-"Next"-"Next ". Network Type select all network connections ---- next ---- the prompt is displayed ---- go to the IP address filtering list, click the options we just created named 75.156.25 ---- next ---- select block ---- next to finish and close

Finally, click "Block", right-click and assign. So far, we have blocked the network segment starting with 75.156.25. Of course, the attack on the IP address 219.128.90.43 is also blocked, if you want to block attacks from other IP addresses, you can use this method to completely prevent CC attacks. The trouble is to manually view the attack's proxy IP address and add an IP policy.

In fact, the IP Security Policy and IP Security Policy are applied. Function Very large, but many people do not pay attention to this practical function.