Ask the Expert

Someone's trying to flood our server

We have Windows 2000 server, IIS 5 SP3 with all current hotfixes. We have around 600 sites running on it. We also implemented IP filtering. Our open ports are 20, 21, 80, 443, 1433 and 3389. Recently, we have been having problems with someone trying to flood our server. Our ports get stopped one by one. I am unable to connect using Terminal Services, and I don't have any other solutions besides physically rebooting it.
Welcome to the world of DoS (denial of service) attacks, or maybe it's a DDoS (distributed denial of service) attack. These attacks do not just affect Windows 2000/IIS. Any Web server, any network, can be subjected to them. There are some things you can do, including hardening your TCP/IP stack to make it more resistant, attempting to determine the source of the flooding and asking your ISP to block traffic from those networks, and, of course, asking them to ask upstream ISP to do the same. Some large sites add extra bandwidth to deal with these attacks. You also need to find out if this is an attack against you or merely a general attack. What is the nature of the attack? What do your logs say? Are others experiencing these attacks? Are you sure the attacks are coming from outside your network? DDoS attacks work by taking over other systems and using them to attack. These "slave" systems, or "bots," could be inside your internal network. Are they? Here are some references that might help you:
  • Hardening TCP/IP
  • Best practices for preventing DoS
  • Or click here for another viewpoint, but you'll have to register to view the document.
  • This was first published in January 2003

    There are Comments. Add yours.

     
    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to: