Effective anti-DDOS attack methods for private servers

Source: Internet
Author: User

First declare. This setting can prevent DDOS attacks or 70% SYN semi-connection attacks. |
First, make the following settings for your machine!
Use a Local Security Policy to block all open ports that do not belong to the legend. For more information, see network,
It's just a 3000 method! Your legendary server can be accessed internally, but not externally,
Then open port 7000. 7100 7200! (Remember not to block it)
Download a hardware firewall simulation tool! (Haha, do you have this ?)
The name is MapPort port!
Open, enter the first implicit Group
7000-> 30000 (LoginGate)
7100-> 31000 (SelChrGate)
7200-> 32000 (RunGate)
Here, the 7000 7100 7200 port is only open to the outside world. It is not a legendary real port,
After being shot by the software, the legendary real port becomes 30000 (LoginGate), 31000 (SelChrGate), 32000 (RunGate)
Because these ports are only used for internal access, external access is thrown in by software from Port 7000 7100 7200, so it works properly.
Work
Remember to change the ports of the three gateways
This completes the settings ,.
Open MapPort and set it!
In security, you can set the maximum connection, single IP connection, and blacklist!
Maximum connections:
7000-> 30000 (LoginGate) is set to 40 single IP connection is set to: 20
7100-> 31000 (SelChrGate) is set to 30 single IP connection is set to: 20
7200-> 32000 (RunGate) is set to 1000 Single IP connection is set to: 20
In this way, we can effectively prevent DDOS attacks or other variant attacks!
Defends against SYN attacks!
You can set an IP address segment in the blacklist. This is troublesome!
Add nonexistent IP addresses in sequence:
193.0.0.1-193.20.254
194.0.0.1-194.20.254
66.0.0.1-66.20.254
30.0.0.1-30.20.254
This is for reference only, and there are many more. You can add it yourself.

Add a non-existent IP address or no connection to your address based on your own thinking skills! Write them in (do not be afraid, although there are many, but you can save
Storage)

After the configuration is complete, you can download a test of the anti-DDoS attack firewall,
My test is:
This is not the case. attack Port 7000! The CPU will last 100% game brute-force cards for a while, and the mouse cannot be moved smoothly,
Enter NETSTAT-A during running to prompt that the system resource is insufficient!

According to the configured attack: Port 7000,
Attack, CPU resources do not move! The game is normal!
View the log to view the blocked IP address!
Also, this can follow your standards, you can block player IP addresses on three ports!

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.