|
Home > Archive > IIS Server Security > May 2006 > a new idea to prevent DoS attacks
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
a new idea to prevent DoS attacks
|
|
| Eng.Rana@gmail.com 2006-05-18, 7:20 am |
| Dear ALL,
i was wondering if there exists any plugins or filters for IIS that
will allow me to limit the number of requests from a specifi IP
address.
or to automatically decrease the number of requests achieved from a
single clients that we doubt that he is trying to carry a DoS attack
due to his excessive number of requests.
any ideas???????????
thanx in advance
| |
| Daniel Crichton 2006-05-18, 7:20 am |
| Eng.Rana@gmail.com wrote on 18 May 2006 01:29:16 -0700:
> Dear ALL,
>
> i was wondering if there exists any plugins or filters for IIS that
> will allow me to limit the number of requests from a specifi IP
> address.
> or to automatically decrease the number of requests achieved from a
> single clients that we doubt that he is trying to carry a DoS attack
> due to his excessive number of requests.
>
> any ideas???????????
>
> thanx in advance
Surely this is better implemented in a dedicated firewall device between the
IIS server and the internet. Stopping a DoS at IIS doesn't prevent it tying
up TCP/IP resources at the OS level.
Dan
| |
| Egbert Nierop \(MVP for IIS\) 2006-05-19, 1:17 pm |
|
<Eng.Rana@gmail.com> wrote in message
news:1147940956.813258.158820@i40g2000cwc.googlegroups.com...
> Dear ALL,
>
> i was wondering if there exists any plugins or filters for IIS that
> will allow me to limit the number of requests from a specifi IP
> address.
> or to automatically decrease the number of requests achieved from a
> single clients that we doubt that he is trying to carry a DoS attack
> due to his excessive number of requests.
>
> any ideas???????????
>
> thanx in advance
ISA Server does completely deal with this and at a deep level!
http://www.microsoft.com/isaserver/default.mspx
| |
| Ken Schaefer 2006-05-21, 7:14 am |
| Hi,
A DoS attack can take many forms. An excessive number of requests can simply
saturdate your available bandwidth. Even if IIS is rejecting the requests,
the sheer number of requests can flood your available internet connection,
denying service to legitimate users.
Typically the best way to deal with this involves:
a) having a dedicated firewall server or appliance that has the
functionality to block requests that tie up resources (e.g. connection open
requests from spoofed IP addresses)
-and-
b) involving your upstream bandwidth suppliers - only at the point where the
upstream provider has more bandwidth than the attacker can the problem
really be resolved. That upstream provider needs to take steps to dispose of
the malicious traffic (either by blocking it, dropping it, or similar).
Cheers
Ken
<Eng.Rana@gmail.com> wrote in message
news:1147940956.813258.158820@i40g2000cwc.googlegroups.com...
> Dear ALL,
>
> i was wondering if there exists any plugins or filters for IIS that
> will allow me to limit the number of requests from a specifi IP
> address.
> or to automatically decrease the number of requests achieved from a
> single clients that we doubt that he is trying to carry a DoS attack
> due to his excessive number of requests.
>
> any ideas???????????
>
> thanx in advance
>
|
|
|
|
|