I have tried everything I can to counter these attacks, but I cannot.
Let me explain: the server gets congested at 60% CPU, and Network Internet Access disconnects, disabling all TCP access.
The only way to get in is via web-based VNC, not RDP.
I have closed all TCP ports and blocked a whole range of countries, allowing only a certain range of countries, but the attack still continues.
I do not use port 80 or a web server.
I have tried several firewalls (Comodo, D-Guard Anti DDOS, Fortguard and others) to test the security, but my server is still unstable.
I use DDoS protection software that limits the maximum number of simultaneous TCP connections per IP, similar to KiwiGuard, but it does not detect the attack.
My virtual server is Windows Server 2008 R2 x64
Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz 3.15 GHz
1GB RAM / 4 cores
Network speed 1.0 Gbps
Please, security experts, I need your help.
Windows Firewall logs. I have hundreds of accesses similar to this log, with different external IPs:
Code:
2012-08-18 21:20:02 DROP TCP 132.215.114.180 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 195.160.183.209 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 96.62.83.214 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 79.10.30.114 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 14.23.179.108 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 178.2.58.83 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 63.104.226.214 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 74.189.188.111 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 41.222.108.148 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 119.110.76.143 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 99.188.48.204 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 165.222.1.14 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 126.15.11.32 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 114.189.164.186 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 154.7.251.226 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 79.77.150.160 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 123.226.180.170 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 81.167.208.72 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 69.219.128.125 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 81.18.74.248 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 46.28.117.132 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 221.155.219.162 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 186.88.224.125 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 143.117.247.186 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 213.130.165.57 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 120.39.157.93 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 70.254.70.26 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 138.254.93.12 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 178.40.79.58 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 3.223.103.28 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 206.156.135.110 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 180.199.109.103 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 82.238.133.192 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 73.200.163.149 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 132.18.152.224 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 1.100.211.182 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 69.131.117.10 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 166.146.26.218 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 220.100.121.238 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 152.182.48.231 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 117.95.58.82 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 83.250.99.189 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 59.79.43.71 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 171.218.150.12 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 189.23.84.128 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 74.33.123.122 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 209.237.85.111 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 145.193.227.218 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 130.56.116.48 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 148.210.171.119 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
2012-08-18 21:20:02 DROP TCP 89.34.86.56 198.136.63.178 1234 80 40 S 0 0 5840 - - - RECEIVE
Help, please.
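The log above shows the classic shape of a SYN flood: within a single second, dozens of distinct source addresses send bare SYN packets to one port, all with the same source port and TCP window, which real clients would not share. The following script is an added example (not the poster's code) that reads Windows Firewall log records in the field order shown above and flags such bursts; the server address and the 203.0.113.0/24 sources in the sample are constructed documentation values, and the 20-source threshold is an assumption to tune per host.

```python
"""Flag SYN-flood bursts in Windows Firewall (pfirewall.log) DROP records.

Assumption: records use the Windows Firewall W3C field order
(date time action protocol src-ip dst-ip src-port dst-port size
 tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path).
"""
from collections import defaultdict

FIELDS = ("date", "time", "action", "protocol", "src_ip", "dst_ip",
          "src_port", "dst_port", "size", "flags", "syn", "ack",
          "win", "icmp_type", "icmp_code", "info", "path")


def parse_line(line):
    """Return a dict for one log record, or None for comments/short lines."""
    parts = line.split()
    if not parts or parts[0].startswith("#") or len(parts) < len(FIELDS):
        return None
    return dict(zip(FIELDS, parts))


def syn_flood_buckets(lines, min_sources=20):
    """Group bare-SYN TCP drops by (second, destination port) and report the
    buckets whose distinct-source count reaches min_sources. A uniform source
    port and TCP window across all sources is reported as well, since that
    points to a single packet generator rather than many real clients."""
    buckets = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["protocol"] == "TCP" and rec["flags"] == "S":
            buckets[(rec["date"], rec["time"], rec["dst_port"])].append(rec)
    alerts = []
    for (date, time, port), recs in sorted(buckets.items()):
        sources = {r["src_ip"] for r in recs}
        if len(sources) < min_sources:
            continue
        alerts.append({
            "when": f"{date} {time}", "dst_port": port,
            "packets": len(recs), "sources": len(sources),
            "uniform_fingerprint": len({(r["src_port"], r["win"]) for r in recs}) == 1,
        })
    return alerts


# Constructed sample: 25 bare SYNs to port 80 in one second from 25 distinct
# addresses (documentation range), plus one ordinary SYN to RDP (3389) a few
# seconds later that must not raise an alert.
SAMPLE = [
    f"2012-08-18 21:20:02 DROP TCP 203.0.113.{i} 198.51.100.7 1234 80 40 S 0 0 5840 - - - RECEIVE"
    for i in range(1, 26)
] + ["2012-08-18 21:20:05 DROP TCP 198.51.100.50 198.51.100.7 51822 3389 52 S 0 0 8192 - - - RECEIVE"]

if __name__ == "__main__":
    for alert in syn_flood_buckets(SAMPLE):
        print(alert)
```

On a real host, replace SAMPLE with the lines of the firewall log file; an alert on a port the server does not even serve (port 80 here) confirms the traffic is volumetric noise rather than failed connections from legitimate users.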