tags:

views:

46

answers:

2
Q: 

Which steps could you take to minimize the effect of a potential (D)DoS attack in IIS?

With a single-server setup for simplicity, which steps could you do to minimize the attacks of a (D)DoS attack? And is it really worth it taking these steps, considering their effectivity and impact on 'normal' users?

[EDIT] I also meant to include steps which you would need inject into your code to apply, not only IIS setup.

+1  A: 

A good point to start it´s having a good firewall that blocks IP when they are doing a lot of petitions per second.

The IIS LockDown Tool can be useful: http://technet.microsoft.com/en-us/library/dd450372(WS.10).aspx

Onir  2009-08-10 10:29:10
Good link thanks!
Darknight  2009-08-10 10:44:52
A: 

-- Identifying the expected number of users/connection and limiting the connection. -- URLScan can filter out unwanted requests.. search for URLScan on iis.net

:)

 2009-08-12 13:04:30

related questions

Centos or Debian as a server OS ?
Where can I find a FTP Server with an API?
Technical issues when switching to an unmanaged Virtual Private Server (VPS) hosting provider?
Should I use a dedicated network channel between the database and the application server?
Do I need to leave gaps in a standard server rack?
Monitoring CPU Core Usage on Terminal Servers
Which hardware to buy for a new Linux server system?
Website Hardware Scaling
Ajax polling.
I ALMOST understand how email works, but I'm missing something.
How do you minimize the number of threads used in a tcp server application?
Perfmon File Analysis Tools
Cleanest & Fastest server setup for Django
Is there some way to PUSH data from web server to browser?
How do I secure my new web server (Server 2008)?
Subversion Management Tools
What kind of servers did you virtualize lately?
Closet server versus Colo?
Personal Linux web server
Error ADMA5026E for WebSphere Application Server Network Deployment
What means the error SECJ0222E in WebSphere Application Server 5.1
What is called a Node in a WebSpere Network Deployment
Can someone give me a working example of a build.xml for an EAR that deploys in WebSphere 6
Asynchronous multi-direction server-client communication over the same open socket?
Best way to access Exchange using PHP?