This is for Doc - Help! Options

[Phoenix2]

My box keeps getting dos attacked between the hours of 8 and 12 PM EST every day. All I have for protection is windows firewall, which blocks out everything except traffic on 3 or 4 ports. My box runs the application Counter-Strike: Source and the dos attack destination (according to support) is the port 27015, the same port the game server runs on. I have 3 css instances running on the box, but only one suffers from the 90-100 % consumption of my 100mbit port.

Any suggestions?

[AaronC]

Is the attack from a single source or is it a ddos?

[doc]

You need to contact support so they can null route the inciting IP address. Unfortunately I can not help you much with this one.

Good luck.

[DeadTed]

If it is a single IP doing the attack you can create an IPSec policy to block and add the IP there. Then if any additional bad ips pop up you can simply add them to your block list. You can also block an entire subnet if you like.

I had a problem with someone crashing a game server on purpose a while back and this worked great. He can't even ping any of the IPs on the server machine at all because he's blocked

[ajz4221]

IPSEC works well when configured properly.
The downside, the attacks are still using bandwidth.

[doc]

Yep. The goal is to stop the traffic at the router, not at the server level. If the traffic continues to the server it will eat up all of your network connection.