Q

Someone's trying to flood our server

We have Windows 2000 server, IIS 5 SP3 with all current hotfixes. We have around 600 sites running on it. We also implemented IP filtering. Our open ports are 20, 21, 80, 443, 1433 and 3389. Recently, we have been having problems with someone trying to flood our server. Our ports get stopped one by one. I am unable to connect using Terminal Services, and I don't have any other solutions besides physically rebooting it.
Welcome to the world of DoS (denial of service) attacks, or maybe it's a DDoS (distributed denial of service) attack. These attacks do not just affect Windows 2000/IIS. Any Web server, any network, can be subjected to them. There are some things you can do, including hardening your TCP/IP stack to make it more resistant, attempting to determine the source of the flooding and asking your ISP to block traffic from those networks, and, of course, asking them to ask upstream ISP to do the same. Some large sites add extra bandwidth to deal with these attacks. You also need to find out if this is an attack against you or merely a general attack. What is the nature of the attack? What do your logs say? Are others experiencing these attacks? Are you sure the attacks are coming from outside your network? DDoS attacks work by taking over other systems and using them to attack. These "slave" systems, or "bots," could be inside your internal network. Are they? Here are some references that might help you:
  • Hardening TCP/IP
  • Best practices for preventing DoS
  • Or click here for another viewpoint, but you'll have to register to view the document.
  • This was first published in January 2003

    Dig deeper on Network intrusion detection and prevention and malware removal

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    SearchVirtualDesktop

    SearchWindowsServer

    SearchExchange

    Close