DOS Attack on Server!
We have hosted an application on our server which gets accessed across the globe. Everything works fine for years but suddenly from last 2 weeks we face issue that users complaint server not responding. Upon checking our Cisco ASA we identified numerous attempts from IP's from CHINA that tries to connect to our Server. As a result our users unable to access the server, although time to time we are blocking the unknown pools using ASA but yet the Attacks keep on coming from different sources.
Current Network Setup is As following: -
ISP => Cisco ASA => SQL Server
OS = Windows 2003 (Also running MS ISA 2004)
Our application get accessed from different source machines so we can't directly block all unknown source IP for this particular application using Cisco ASA.
Any suggestion how can we block/minimize these DOS attacks?
I wish this could have been possible. :(
Maybe this will help you to block some ;)
Originally Posted by FanacooL
For Web server's .htaccess blocklists go here:
and for firewall/iptables/other formats of ip addresses go here:
In addition to this, you can monitor these pages for changes in IP addresses and get the alerts via emails by using this:
NOTE: The links i have provided are mainly against Asian addresses. If you go to the homepage of wizcrafts you have other countries too such as nigeria etc....
If my memory is correct then i got these links/ideas from Nihil some time ago, so special thanks to goto Nihil.
You should look into fail2ban alternatives for Windows, there's got to be something out there like that.
Its quite helpful :) Thanks.
You have several options with you ASA, you can set connection limits to that server, so when it reaches a high volume of hits it will start shunning those connections and prevent an overload on that server. Another option is to just block that ip or range that is hitting your server.