Re: A DOS is crushing IIS

From: Karl Levinson [x y] MVP (jamescagney90210@excite.com)
Date: 10/20/02


From: "Karl Levinson [x y] MVP" <jamescagney90210@excite.com>
Date: Sun, 20 Oct 2002 09:09:06 -0400


No problem. Depending on how it spread, you could probably just block the IP
at the firewall, or get help from your ISP.

What do you see in Network Monitor? Could this be a simple SYN flood or
other known DoS?

An IDS such as Snort or maybe even BlackICE might be able to help determine
what this is as well.

"al" <news@thispartisfake-13c.com> wrote in message
news:#xMPS$6dCHA.392@tkmsftngp09...
> I believe there is a DOS attack out there that makes http requests that
> can make IIS incapable of much. The requests do not get logged at all so
> they must be very invalid. URLSCAN does not help and the result is the
> same with or without it. The requests are not consuming much bandwidth.
>
> Since I have no IIS logs, all I have is the capture of Network Monitor.
>
> So I can block the offender but what happens if this spreads?
>
> --
> al.NET
> It's not my website it's me dammit!
>
>