-
March 30th, 2011, 06:07 AM
#1
DOS Attack on Server!
Hi!
We have hosted an application on our server which gets accessed across the globe. Everything works fine for years but suddenly from last 2 weeks we face issue that users complaint server not responding. Upon checking our Cisco ASA we identified numerous attempts from IP's from CHINA that tries to connect to our Server. As a result our users unable to access the server, although time to time we are blocking the unknown pools using ASA but yet the Attacks keep on coming from different sources.
Current Network Setup is As following: -
ISP => Cisco ASA => SQL Server
||
DC
||
LAN
OS = Windows 2003 (Also running MS ISA 2004)
Our application get accessed from different source machines so we can't directly block all unknown source IP for this particular application using Cisco ASA.
Any suggestion how can we block/minimize these DOS attacks?
One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man!
-
March 30th, 2011, 05:42 PM
#2
\"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"
-HST
-
March 31st, 2011, 05:52 AM
#3
I wish this could have been possible.
One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man!
-
March 31st, 2011, 11:08 AM
#4
Originally Posted by FanacooL
I wish this could have been possible.
Maybe this will help you to block some
For Web server's .htaccess blocklists go here:
Code:
http://www.wizcrafts.net/chinese-blocklist.html
and for firewall/iptables/other formats of ip addresses go here:
Code:
http://www.wizcrafts.net/chinese-iptables-blocklist.html
In addition to this, you can monitor these pages for changes in IP addresses and get the alerts via emails by using this:
Code:
http://www.changedetection.com/
NOTE: The links i have provided are mainly against Asian addresses. If you go to the homepage of wizcrafts you have other countries too such as nigeria etc....
If my memory is correct then i got these links/ideas from Nihil some time ago, so special thanks to goto Nihil.
Cheers everyone.
Ubuntu-: Means in African : "Im too dumb to use Slackware"
-
April 1st, 2011, 05:01 AM
#5
Junior Member
You should look into fail2ban alternatives for Windows, there's got to be something out there like that.
-
April 1st, 2011, 06:36 AM
#6
@instronics
Its quite helpful Thanks.
One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man!
-
April 5th, 2011, 07:23 AM
#7
Oliver's Law:
Experience is something you don't get until just after you need it.
-
April 7th, 2011, 02:02 AM
#8
Junior Member
You have several options with you ASA, you can set connection limits to that server, so when it reaches a high volume of hits it will start shunning those connections and prevent an overload on that server. Another option is to just block that ip or range that is hitting your server.
Similar Threads
-
By HTRegz in forum Other Tutorials Forum
Replies: 3
Last Post: April 18th, 2021, 01:59 PM
-
By elfguy in forum General Computer Discussions
Replies: 17
Last Post: July 7th, 2005, 01:34 AM
-
By gore in forum Operating Systems
Replies: 2
Last Post: February 25th, 2005, 08:12 AM
-
By NullDevice in forum The Security Tutorials Forum
Replies: 21
Last Post: December 17th, 2003, 10:03 PM
-
By Lansing_Banda in forum Network Security Discussions
Replies: 2
Last Post: October 5th, 2003, 02:14 AM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|