How can I detect IP addresses that connect to IIS?

If you've ever wanted to detect IP addresses that try to connect to your IIS (Internet Information Services) servers, this advice can help.

Is there any way to detect when a specific IP address is constantly trying to connect to IIS?
The easiest/best thing to do is set up a network analyzer such as Ethereal or, better yet, OmniPeek with an address filter on the local host or on a secondary host that's plugged into the span/mirror port on the Ethernet switch and can see the traffic. Any traffic to or from that IP will be captured.

For more information on securing Internet Information Services:

  • Windows security toolbox: Network security tools
    Check out these 12 free tools from to prevent attackers from crippling your network.
  • Keeping your IIS server secure
    Don't allow your IIS file server to remain vulnerable. Be proactive and learn how to better secure it while running Windows Server 2003.
  • Internet Information Services Security Journal
    IIS security is improving, but Web server security is still a concern. Find out how to lock down IIS in this journal.

Dig Deeper on Enterprise desktop management