Re: web site hammering

From: David Boyer (nospam_at_nospam.com)
Date: 03/09/05

Next message: marc: "Re: IIS Admin & IIS hang regularly / PHP IIS 5 win 2k server"
Previous message: Pat [MSFT]: "Re: IIS Admin & IIS hang regularly / PHP IIS 5 win 2k server"
In reply to: WenJun Zhang[msft]: "RE: web site hammering"
Next in thread: John Cesta: "Re: web site hammering"
Messages sorted by: [ date ] [ thread ]

Date: Wed, 9 Mar 2005 14:03:31 -0600

I know what I can do after-the-fact, what I want to do is detect certain
kinds of attacks while they're in-process and defend against them.

For example, blocking requests from specific IPs when certain thresholds are
met. If we get 10 requests per-second for the same page from the same IP,
block the IP. If we have more than x number of simultaneous requests from
the same IP, block the IP.

This sounds like something for which and ISAPI filter could be used, but I
suppose there are other approaches. I wondering what's currently out there
to do stuff like this.

""WenJun Zhang[msft]"" <v-wzhang@online.microsoft.com> wrote in message
news:zWHdqRJJFHA.3124@TK2MSFTNGXA02.phx.gbl...
> Hi David,
>
> On IIS part, I think the only thing you can do may be adding the
> attacker's IP into IIS IP restriction list: in Directory Security
> tab.
>
> A more efficient action should be contacting your or the attacker's
> ISP about this incident, ask them to block the attacker's IP at ISP
> level. However if you find further attacking attempts from different
> IP addresses, I believe the problem have to be finally resovled via
> the approach of law.
>
> Thanks.
>
> Best regards,
>
> WenJun Zhang
> Microsoft Online Partner Support
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>

Next message: marc: "Re: IIS Admin & IIS hang regularly / PHP IIS 5 win 2k server"
Previous message: Pat [MSFT]: "Re: IIS Admin & IIS hang regularly / PHP IIS 5 win 2k server"
In reply to: WenJun Zhang[msft]: "RE: web site hammering"
Next in thread: John Cesta: "Re: web site hammering"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: Trapping for invalid URLs
... >> It discusses, and provides a solution for, URL rewriting. ... >successfully handed off from IIS to the ASP.NET engine. ... >requests a page with a .aspx extension. ... >hosted with a commercial ISP who, understandably, won't allow this. ...
(microsoft.public.dotnet.framework.aspnet)
Re: Repeated Unsuccessful Attacks to OS and ???
... It would appear to be a characteristic of an iis exploit. ... patching and locking down the server is the best practice. ... will still get hit with these requests. ... attacks and exploits. ...
(microsoft.public.inetserver.iis.security)
Re: IIS 6 Logging
... such information give you the info on any attacks. ... entire logging in IIS. ... > Is there any way to prevent IIS 6 to log certain requests, ...
(microsoft.public.inetserver.iis.security)
Re: webserver in linux at home ?
... Your ISP probably *doesn't care* if you run a low-traffic ... IP addr, but as mentioned above, using dyndns and ddclient, ... was a power failure due to misapplication of my finger. ... Up until a few months ago, I got much traffic from attacks ...
(comp.os.linux.misc)
Re: Telnet: route to host
... >out why we couldn't reach anything on the internet - pings failed ... Or switch to an ISP that knows and understands networking. ... I see regular attacks on my machine, ... As to adding IPs to your filters you may find that your filters get ...
(comp.unix.sco.misc)