Using the system's own IP policy to restrict specific IP access [anti-DDoS attacks]

Detailed steps are as follows:

1. Open Management Tools ... Local Security Policy ... Right-click IP Security Policy, on the local computer ... Create IP Security Policy ... Right-click to manage IP filter tables and filter actions ... Select the Admin filter Action Bar, click Add, filter action name, (here we fill in the name of the rejection) next, will appear in a set filter action General option block, click Next to finish, and then close.

2. Right-key IP Security policy, on the local computer ... Create IP Security Policy in the IP Security Policy Wizard that appears, an IP Security policy name appears next. In name write policy name (here I fill in cutip) description can write not write, the next point, there will be a secure communication request, remove the activation of the default response rule, next, to completion.

3. In the presence of IP security rules ... Add to...... Next, there will be a tunnel endpoint. Select default this rule does not specify a tunnel, click Next, select all network connections in the network type, click Next to appear in the IP filter list, point add, a filter name, description, etc. (Here I fill in the Cutip) and click Add ... Next, there will be the IP filter description and Mirroring Properties dialog box, described at random, but the important thing is to put the mirror. Match the source address and the destination address exactly the opposite of the packet. (For safety, we want to check both forward and reverse packages simultaneously).

The most important place to come, in the presence of IP communication source address (to prevent the address) Here we take an IP try it! If you find that 211.93.109.1 has DDoS in this case, select the source address for the 211.93.*.* ... A specific IP address ... fill in the IP address 211.93.109.1, click Next, and the destination address appears. Choose my IP address,

Next, select any of the IP protocol types that appear, click Next, and then determine. This will go back to the IP filter list, select the new one we just created (Cutip in this case), and then next. The filter action appears, which is selected at the beginning of the filter operation, (here is rejected) Click a step, finally to complete, OK.

4. Finally. We need to assign the new IP Security policy.

This will enable you to limit the 211.93.109.1 of this IP attack and access.