There is something else that can possibly be done to keep the server itself from overloading.. Under IIS's properties for the web site, there is an otion to limit the number of concurrent connections. If your friend can determine the actual number of hits that he normally gets, and it's lower than what he's getting now, drop the concurrent connection limit under the "Web Site" tab of the site in question to something more realistic. It defaults to Unlimited as I recall. This won't keep the pipe from filling up, but it should help keep the server from killing itself. In the meantime, collect any evidence that you have regarding the source site causing the attack and report them. -- Micheal Patterson Network Administration Cancer Care Network ----- Original Message ----- From: "Hunt, Jim" <Jim.Huntat_private> To: <Incidentsat_private> Sent: Sunday, October 27, 2002 10:59 PM Subject: DOS ATTACK > I have a friend that has a DOS Attack going on against their website. It is being done by someone with a very popular website trying to squash a little guy. He is doing it be placing 1 pixel by 1 pixel inline frames in his webpages and having them load my friends webpage. It is killing his server and bandwidth. > > What can we do to block? The Server is W2K with IIS. > > Thanks! > > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Oct 29 2002 - 17:49:13 PST