Strange problem with IIS and Denial of Service attack...
From: Justin (justin_edmunds2001_at_yahoo.co.uk)
Date: 07/30/03
- Next message: Mike: "Re: Watchguard"
- Previous message: Don Kelloway: "Re: Sonicwall TELE3 TZX & DMZ"
- Next in thread: Larry: "Re: Strange problem with IIS and Denial of Service attack..."
- Reply: Larry: "Re: Strange problem with IIS and Denial of Service attack..."
- Reply: R Green - WoWsat.com: "Re: Strange problem with IIS and Denial of Service attack..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 30 Jul 2003 00:12:02 -0700
I've got an interesting problem with my webserver.
CURRENT STATE
Over the last two weeks my website and email server has been down as
it seems to be attacked by an ICMP Echo Request flood. It always
originates from a single IP address. The result is my machine is
totally inaccessible whilst this is occurring.
THE CLINCHER
However, on investigating I've notice that if I use the server all is
OK. The network is accessible and email are able to come in.
If I leave the server for an hour or so, the attacking seems to start.
As soon as I go back to the server, and open Internet Explorer (not
just move the mouse as this has no effect) - the attacking will stop
and the webserver and email services will again be accessible.
CONCLUSION
So it seems that as soon as IE is accessing the internet my server is
accessible... Very strange - I seem to have some sort of trojan that
only kicks in when there is no detected internet activity. Recently, I
was able to stop the floods by leaving IE on a website (news.com.au)
that refreshes itself automatically every minute. This is currently
how I can stop the floods.
* I have a Netgear firewall which only allows in HTTP and SMTP traffic
for the webserver and Email server.
* I have put ZoneAlarm on to try and trap the thing going out
* I've tried a full virus scan with the latest form Norton Antivirus.
Anyone seen this sort of thing before?
Justin
(Server running Win2k Server and IIS5 and latest hotfixes)
- Next message: Mike: "Re: Watchguard"
- Previous message: Don Kelloway: "Re: Sonicwall TELE3 TZX & DMZ"
- Next in thread: Larry: "Re: Strange problem with IIS and Denial of Service attack..."
- Reply: Larry: "Re: Strange problem with IIS and Denial of Service attack..."
- Reply: R Green - WoWsat.com: "Re: Strange problem with IIS and Denial of Service attack..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
