Re: DOS ATTACK

["Micheal Patterson" <micheal () cancercare net>]

There is something else that can possibly be done to keep the server itself
from overloading.. Under IIS's properties for the web site, there is an
otion to limit the number of concurrent connections. If your friend can
determine the actual number of hits that he normally gets, and it's lower
than what he's getting now, drop the concurrent connection limit under the
"Web Site" tab of the site in question to something more realistic. It
defaults to Unlimited as I recall. This won't keep the pipe from filling up,
but it should help keep the server from killing itself. In the meantime,
collect any evidence that you have regarding the source site causing the
attack and report them.

--

Micheal Patterson
Network Administration
Cancer Care Network


----- Original Message -----
From: "Hunt, Jim" <Jim.Hunt () nwsc k12 in us>
To: <Incidents () securityfocus com>
Sent: Sunday, October 27, 2002 10:59 PM
Subject: DOS ATTACK


> I have a friend that has a DOS Attack going on against their website.  It
is being done by someone with a very popular website trying to squash a
little guy.  He is doing it be placing 1 pixel by 1 pixel inline frames in
his webpages and having them load my friends webpage.  It is killing his
server and bandwidth.
> What can we do to block?  The Server is W2K with IIS.
>
> Thanks!


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com