Best Open Source Firewall for Window Server 2008 ?

Hi,

Recently I am experiencing a lot of DDoS attacks on my Window server.
Just wanted to know if there are any free tools that can be installed on the server or if any good paid softwares that can help make my server bit secure and steady.

Thanks
Akshay

 

I would buy any cheap box and install OpenBSD on it, or pfsense firewall.
http://www.pfsense.org/

They use pf firewalls and put your Windows box in a VLAN, so high security. You'll probably have to read about how to configure pf firewalls though http://nostarch.com/pf2.htm

This won't defend against major DDOS though you have to buy commercial DDOS protection.

 

Server 2008 has an SPI firewall built-in that is pretty good. There are also some changes you can make to the network stack that help to increase the level of security and help to mitigate some of the effects of a DOS attack. Have a look a the high-security web server policy script example that comes with windows for ideas on securing the stack and other parts of Server 2008. It's called something like HISECWEB - don't run it "as is" because it can lockdown the server too much. Just use it to get ideas and see some of the DOS mitigators that are there.

Here's some of the parameters that I'm sure are in that file...

machine\system\currentcontrolset\services\tcpip\parameters\tcpmaxportsexhausted=4,5
machine\system\currentcontrolset\services\tcpip\parameters\tcpmaxdataretransmissions=4,3
machine\system\currentcontrolset\services\tcpip\parameters\tcpmaxconnectresponseretransmissions=4,2
machine\system\currentcontrolset\services\tcpip\parameters\tcpmaxhalfopen=4,500
machine\system\currentcontrolset\services\tcpip\parameters\tcpmaxhalfopenretried=4,400
machine\system\currentcontrolset\services\tcpip\parameters\nonamereleaseondemand=4,1
machine\system\currentcontrolset\services\tcpip\parameters\synattackprotect=4,2
machine\system\currentcontrolset\services\tcpip\parameters\performrouterdiscovery=4,0
machine\system\currentcontrolset\services\tcpip\parameters\keepalivetime=4,300000
machine\system\currentcontrolset\services\tcpip\parameters\enablepmtudiscovery=4,0
machine\system\currentcontrolset\services\tcpip\parameters\enableicmpredirect=4,0
machine\system\currentcontrolset\services\tcpip\parameters\enablefragmentchecking=4,1
machine\system\currentcontrolset\services\tcpip\parameters\enabledeadgwdetect=4,0
machine\system\currentcontrolset\services\tcpip\parameters\enableaddrmaskreply=4,0
machine\system\currentcontrolset\services\tcpip\parameters\disableipsourcerouting=4,2
machine\system\currentcontrolset\services\netlogon\parameters\requirestrongkey=4,0
machine\system\currentcontrolset\services\netbt\parameters\nonamereleaseondemand=4,1

Code (markup):

You'll also find lots of info on the web. Strangely enough, some of the best resources regarding security that can be found will be for Server 2003. Server 2008 and Server 2012 were much more secure by default and there is a lot less information around. We still use the securiy scripts we wrote for server 2003 on Server 2012 (with some tweaks and deletions) as part of our server lockdown process. Just be sure that anything you find for earlier OSs on security are not obsolete for future ones.

If you are suffering from genuine DDOS attacks, there's probably little you can do about that personally. You'll need to escalate that to your upstream provider for help.

 

You probably want to try out Netdefender, but honestly, setting up a defense against DDoS is a tedious task. Plus these systems can only withstand an attack of a certain intensity. There is no 100% perfect solution for DDOS.
The best thing you can do is, take your server offline.
Identify and block the ips/network
Precaution is better than cure. So it's important to have a strong security policy in place.
Have a firewall which does Ingress and Egress Filtering at Gateway
More importantly, make sure that all the applications are updated with the latest versions to ensure there aren't any vulnerabilities left behind.