
Prevent DDOS Attack on Windows VPS

Written on 21 January 2014 10:41 AM

This article will address how to prevent your VPS from being used in a DDOS attack. This affects all versions of Windows DNS (2003/2008/2012).

 

1. Your DNS Server is used for your VPS to resolve external domains

If the DNS server installed on your Windows VPS has forwarders turned on, you must configure the Windows Firewall to stop outside users from using your DNS server.

All you need to do is modify the DNS TCP/UDP Incoming firewall rules: on the Scope tab, add any IPs you want to be able to access the DNS server.

Important: If you are joining other servers to a Windows Active Directory domain, you will need to make sure that you add the other servers' IP addresses to the “Remote IP Address” section.

You can check whether the DNS server is open to being used in an attack by using the "nslookup" command.

On your own computer (not on the VPS) open a command prompt and type:

  • nslookup
  • yahoo.com 203.143.X.X

(where 203.143.X.X is the IP address of your VPS).

If it is secure it will look like this:

C:\Windows\system32>nslookup
Default Server:  BigPond.BigPond
Address:  10.0.0.138

> yahoo.com 203.143.82.2
Server:  [203.143.82.2]
Address:  203.143.82.2

DNS request timed out.   
timeout was 2 seconds.

DNS request timed out.   
timeout was 2 seconds.

DNS request timed out.   
timeout was 2 seconds.


2. Your DNS Server is being used as a name server for a specific domain

In this case you MUST turn off DNS forwarding, and you cannot use the DNS server to resolve external domains. It can only provide the public with information on the domains that it hosts.

To turn off forwarding:

  1. Go to the properties of the DNS server and click on the 'Advanced' tab
  2. Make sure 'Disable recursion' is checked
  3. In the network properties for the VPS, make sure you are specifying other DNS servers (not 127.0.0.1), e.g. 8.8.8.8
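
Added example (not part of the original article): a scripted version of the nslookup check above, run from a machine outside the VPS, that tells the two hardened states apart: no reply (firewall scope from section 1) versus a reply with recursion refused or not offered (section 2). The function names and result labels are illustrative assumptions; pass your VPS IP address as the argument.

```python
import secrets
import socket
import struct

QR, RA, REFUSED = 0x8000, 0x0080, 5  # DNS header bits and rcode (RFC 1035)

def build_query(name, txid):
    """Build a recursive (RD=1) A/IN query, the same kind nslookup sends."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def classify(reply, txid):
    """Map a raw DNS reply (or None on timeout) to an exposure label."""
    if reply is None:
        return "no-reply"            # firewall scope is blocking outside clients
    if len(reply) < 12:
        return "malformed"
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != txid or not (flags & QR):
        return "malformed"           # not a response to our query
    if (flags & 0x000F) == REFUSED:
        return "refused"
    # RA set means the server offers recursion to this client.
    return "open-resolver" if (flags & RA) else "recursion-disabled"

def probe(server, name="yahoo.com", timeout=2.0):
    """Send one query for an external name to server:53/udp and classify it."""
    txid = secrets.randbelow(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, txid), (server, 53))
            reply, _ = sock.recvfrom(4096)
        except OSError:              # timeout or ICMP port unreachable
            reply = None
    return classify(reply, txid)

if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1]))        # argument: your VPS IP address
```

Only "open-resolver" means outside users can still use the server to resolve external domains. A single lost UDP packet also shows as "no-reply", so repeat the check before relying on it.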