a new idea to prevent DoS attacks

a new idea to prevent DoS attacks

am 18.05.2006 10:29:16 von Eng.Rana

Dear ALL,

i was wondering if there exists any plugins or filters for IIS that
will allow me to limit the number of requests from a specifi IP
address.
or to automatically decrease the number of requests achieved from a
single clients that we doubt that he is trying to carry a DoS attack
due to his excessive number of requests.

any ideas???????????

thanx in advance

Re: a new idea to prevent DoS attacks

am 18.05.2006 12:40:53 von Daniel Crichton

Eng.Rana@gmail.com wrote on 18 May 2006 01:29:16 -0700:

> Dear ALL,
>
> i was wondering if there exists any plugins or filters for IIS that
> will allow me to limit the number of requests from a specifi IP
> address.
> or to automatically decrease the number of requests achieved from a
> single clients that we doubt that he is trying to carry a DoS attack
> due to his excessive number of requests.
>
> any ideas???????????
>
> thanx in advance

Surely this is better implemented in a dedicated firewall device between the
IIS server and the internet. Stopping a DoS at IIS doesn't prevent it tying
up TCP/IP resources at the OS level.

Dan

Re: a new idea to prevent DoS attacks

am 19.05.2006 16:07:27 von Egbert Nierop

wrote in message
news:1147940956.813258.158820@i40g2000cwc.googlegroups.com.. .
> Dear ALL,
>
> i was wondering if there exists any plugins or filters for IIS that
> will allow me to limit the number of requests from a specifi IP
> address.
> or to automatically decrease the number of requests achieved from a
> single clients that we doubt that he is trying to carry a DoS attack
> due to his excessive number of requests.
>
> any ideas???????????
>
> thanx in advance

ISA Server does completely deal with this and at a deep level!
http://www.microsoft.com/isaserver/default.mspx

Re: a new idea to prevent DoS attacks

am 21.05.2006 09:39:53 von Ken Schaefer

Hi,

A DoS attack can take many forms. An excessive number of requests can simply
saturdate your available bandwidth. Even if IIS is rejecting the requests,
the sheer number of requests can flood your available internet connection,
denying service to legitimate users.

Typically the best way to deal with this involves:
a) having a dedicated firewall server or appliance that has the
functionality to block requests that tie up resources (e.g. connection open
requests from spoofed IP addresses)

-and-

b) involving your upstream bandwidth suppliers - only at the point where the
upstream provider has more bandwidth than the attacker can the problem
really be resolved. That upstream provider needs to take steps to dispose of
the malicious traffic (either by blocking it, dropping it, or similar).

Cheers
Ken


wrote in message
news:1147940956.813258.158820@i40g2000cwc.googlegroups.com.. .
> Dear ALL,
>
> i was wondering if there exists any plugins or filters for IIS that
> will allow me to limit the number of requests from a specifi IP
> address.
> or to automatically decrease the number of requests achieved from a
> single clients that we doubt that he is trying to carry a DoS attack
> due to his excessive number of requests.
>
> any ideas???????????
>
> thanx in advance
>