Problem solve Get help with specific problems with your technologies, process and projects.

Someone's trying to flood our server

We have Windows 2000 server, IIS 5 SP3 with all current hotfixes. We have around 600 sites running on it. We also implemented IP filtering. Our open ports are 20, 21, 80, 443, 1433 and 3389. Recently, we have been having problems with someone trying to flood our server. Our ports get stopped one by one. I am unable to connect using Terminal Services, and I don't have any other solutions besides physically rebooting it.
Welcome to the world of DoS (denial of service) attacks, or maybe it's a DDoS (distributed denial of service) attack. These attacks do not just affect Windows 2000/IIS. Any Web server, any network, can be subjected to them. There are some things you can do, including hardening your TCP/IP stack to make it more resistant, attempting to determine the source of the flooding and asking your ISP to block traffic from those networks, and, of course, asking them to ask upstream ISP to do the same. Some large sites add extra bandwidth to deal with these attacks. You also need to find out if this is an attack against you or merely a general attack. What is the nature of the attack? What do your logs say? Are others experiencing these attacks? Are you sure the attacks are coming from outside your network? DDoS attacks work by taking over other systems and using them to attack. These "slave" systems, or "bots," could be inside your internal network. Are they? Here are some references that might help you:
  • Hardening TCP/IP
  • Best practices for preventing DoS
  • Or click here for another viewpoint, but you'll have to register to view the document.
  • Dig Deeper on Enterprise desktop management

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.