Detecting DoS / DDoS Attack on a Windows 2003 / 2008 Server

Question: How do I detect a DDOS (Distributed denial of service) / DOS attack on a Windows Server 2003 / 2000 / 2008? Can I use Linux netstat command syntax to detect DDoS attacks?

Answer: A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users.

You can always use the netstat command to get a list of connections under Windows. Open a command prompt by visiting Start > Run and typing “cmd” in the box.

netstat is a command-line utility that displays protocol statistics and current TCP/IP network connections on a system. Type the following command to see all connections:
netstat -noa
Where,

  1. n: Displays active TCP connections; addresses and port numbers are expressed numerically and no attempt is made to determine names.
  2. o: Displays active TCP connections and includes the process ID (PID) for each connection. You can find the application based on the PID on the Processes tab in Windows Task Manager.
  3. a: Displays all active TCP connections and the TCP and UDP ports on which the computer is listening.

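You can use the find command as a filter to search for a specific string of text in the output. In the following example you are filtering for port 80 traffic and counting the matching lines (/c prints only the count):
netstat -ano | find /c ":80 "
find matches a plain substring, so searching for ":80 " (colon, port, trailing space) rather than "80" avoids counting lines where 80 merely appears inside an IP address, another port number or a PID. It still counts connections whose remote port is 80.
Find the IP address that has the largest number of connections and block it using a Cisco firewall or IPSec. Another protective measure is to harden the TCP/IP stack.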
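
To find the IP address with the most connections, the netstat -ano output can be grouped by remote address. The following PowerShell function is an added example, not part of the original article; its name, parameters and the sample rows are constructed for illustration, and it assumes PowerShell 2.0 or later.

```powershell
# Added example: function name and parameters are hypothetical.
function Get-RemoteConnectionCount {
    param(
        [string[]]$NetstatLines,   # lines produced by: netstat -ano
        [int]$LocalPort = 80
    )
    $total = @{}   # remote IP -> number of connections
    $syn   = @{}   # remote IP -> connections still in SYN_RECEIVED
    foreach ($line in $NetstatLines) {
        # TCP rows: Proto  LocalAddress  ForeignAddress  State  PID
        $f = $line.Trim() -split '\s+'
        if ($f.Count -lt 5 -or $f[0] -ne 'TCP') { continue }
        if ($f[3] -eq 'LISTENING') { continue }

        # The port follows the last colon, which also handles [IPv6]:port.
        $local  = $f[1]
        $remote = $f[2]
        $port = $local.Substring($local.LastIndexOf(':') + 1)
        if ($port -ne [string]$LocalPort) { continue }   # exact port match

        $ip = $remote.Substring(0, $remote.LastIndexOf(':'))
        if (-not $total.ContainsKey($ip)) { $total[$ip] = 0; $syn[$ip] = 0 }
        $total[$ip] = $total[$ip] + 1
        if ($f[3] -eq 'SYN_RECEIVED') { $syn[$ip] = $syn[$ip] + 1 }
    }
    foreach ($ip in $total.Keys) {
        New-Object PSObject -Property @{
            RemoteIP    = $ip
            Total       = $total[$ip]
            SynReceived = $syn[$ip]
        }
    }
}

# Constructed sample rows (documentation address ranges), not real traffic.
# The last two rows contain "80" but are not connections to local port 80.
$sample = @(
    '  TCP    192.0.2.10:80      0.0.0.0:0            LISTENING       4',
    '  TCP    192.0.2.10:80      203.0.113.7:50112    ESTABLISHED     4',
    '  TCP    192.0.2.10:80      203.0.113.7:50113    SYN_RECEIVED    4',
    '  TCP    192.0.2.10:80      203.0.113.7:50114    SYN_RECEIVED    4',
    '  TCP    192.0.2.10:80      198.51.100.23:61001  ESTABLISHED     4',
    '  TCP    192.0.2.10:8080    198.51.100.80:61002  ESTABLISHED     1080',
    '  TCP    192.0.2.10:49180   198.51.100.99:80     ESTABLISHED     2280'
)
Get-RemoteConnectionCount -NetstatLines $sample |
    Sort-Object Total -Descending |
    Format-Table RemoteIP, Total, SynReceived -AutoSize

# Against the live server: Get-RemoteConnectionCount -NetstatLines (netstat -ano)
```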

8 comments
  • yafrank Dec 9, 2008 @ 12:56

    The -o option does not work in 2000sp4.

  • 🐧 nixCraft Dec 9, 2008 @ 14:28

    I’ve tested this on Windows 2003 server.

  • desis Mar 3, 2009 @ 3:06

    How can I detect a DDoS attack on an Apache server on a Linux server?

  • CCcam Mar 26, 2009 @ 22:23

    How to block DoS attacks in Linux?

  • Azeroth Jul 30, 2009 @ 5:04

    For Desis and CCcam,
    look at this:

    http://deflate.medialayer.com/

    Good luck :D

  • Hamid Aug 28, 2010 @ 6:41

    Hi,
    How to block DoS attacks in Windows 2003?

  • Uwe Feb 18, 2011 @ 16:29

    Great information, thanks a lot! I really have to dive more into the netstat stuff.

  • Juha Jurvanen Oct 3, 2012 @ 9:30

    You should also keep an eye on the security audit logs for unknown username / password attempts or have software such as Syspeace installed to automatically handle brute force / DDoS attempts on Windows servers. I know there’s a Win 2003 version coming out also for it.

    Regards Juha Jurvanen
    Senior IT consultant in backup, server operations security and cloud
    http://www.jufcorp.com
