
Can I block packets (Specifically UDP) that are > X length? I am getting attacked exclusively by UDP packets that are very large in size from a large number of IP Addresses. I have a legitimate use for UDP packets on the attack port, but anything over a certain size is guaranteed malicious for my purposes.

I'm on Windows Server 2008, with no hardware firewall.

Thank you.

Michael Hampton
Ryan
  • It depends *why* you need to block the packets. For example, if you need to block the packets because they're eating up your inbound bandwidth, blocking them on the machine won't help. But if your replies to them are eating your outbound bandwidth, that will help. – David Schwartz Jul 28 '12 at 23:14

2 Answers


Windows does not support this feature natively.

Your options are:

  • getting a hardware firewall
  • Some soft firewalls like Zone Alarm can drop packets if the length of the packet is longer than the reported length. But I do not know of any software firewall for Windows that can achieve this.
Lucas Kauffman

You can do it one of two ways:

  • In the application, by looking at the size of the read packet and not doing any processing on it if it's too big. Won't save you any network traffic, but it'll avoid having to spend CPU cycles processing the dud packet.
  • Install a decent firewall upstream (as far upstream as you can manage) and filter there. Your service provider should be able to provide a suitable service (possibly for a fee). That will be much better because it won't congest network links between the filtering device and your server.

Trying to do it with a Windows host-based firewall might be possible, but it's not particularly effective -- you won't save many resources blocking the packets at the host over just dropping them in your application.

womble
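As an added example (not from the answer above or its author), this is the application-side check womble describes, in Python: read each datagram with a buffer large enough that the OS never truncates it, and discard anything over a chosen limit before any parsing happens. The 1024-byte limit, the loopback demo and its datagram sizes are assumptions for illustration.

```python
import socket
from collections import Counter

# Largest possible UDP payload; reading with this buffer means recvfrom() returns the
# whole datagram, so len(payload) is the true size. On Windows a smaller buffer would
# instead raise WSAEMSGSIZE (10040) and discard the rest of the datagram.
MAX_UDP_PAYLOAD = 65535


def should_process(payload: bytes, max_len: int) -> bool:
    """Accept only datagrams whose payload is at most max_len bytes."""
    return len(payload) <= max_len


def serve(recv_datagram, max_len, handler, max_packets=None):
    """Drain datagrams from recv_datagram() -> (payload, src); oversized ones are
    counted and dropped before handler() ever sees them. Returns accept/drop counts."""
    stats = Counter()
    while max_packets is None or sum(stats.values()) < max_packets:
        try:
            payload, src = recv_datagram()
        except socket.timeout:
            break                      # demo listener idle: stop draining
        except OSError:
            stats["dropped"] += 1      # e.g. WSAEMSGSIZE: datagram was too big for the buffer
            continue
        if not should_process(payload, max_len):
            stats["dropped"] += 1      # too large: no CPU spent parsing it
            continue
        stats["accepted"] += 1
        handler(payload, src)
    return dict(stats)


def loopback_demo(max_len, sizes):
    """Assumed demo: bind on 127.0.0.1, send one constructed datagram per size, filter them."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        rx.bind(("127.0.0.1", 0))
        for n in sizes:
            tx.sendto(b"A" * n, rx.getsockname())
        rx.settimeout(2)
        return serve(lambda: rx.recvfrom(MAX_UDP_PAYLOAD), max_len,
                     lambda p, s: None, max_packets=len(sizes))
    finally:
        rx.close()
        tx.close()


if __name__ == "__main__":
    print(loopback_demo(1024, [200, 1400, 9000]))   # one accepted, two dropped
```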