Hi,
If Michel's supposition is true it's unlikely that this would be a distributed DOS attack.
Also, if Michel has an idea where it is coming from then it doesn't sound as if the IP addresses vary much.
Just guessing.......
>This tool will not be useful against the most common form of DoS which is the distributed form - from may different IPs or using many spoofed IP addresses. Plus, this tool is trying to keep IIS up on the server but DoS often just fills up the pipe going into the server so whether it's up or not is irreleveant.
>
>It would be interesting for Michel to give details of the type of DoS; from a single IP, range of IP or mutliple different IP sources, target of attack, was the pipe flooded, what type of request was hitting the server(s), why were his other servers not affected (cannot have been a pipe flood in this case), what was causing the server to reboot, has it stopped, how was it stopped, did the ISP help, was the server patched, etc, etc ... ? Give some useful info Michel.
>
>
>>Hi,
>>
>>This was released recently. Maybe it would help:
http://arstechnica.com/microsoft/news/2009/02/microsoft-releases-beta-tool-for-fighting-dos-attacks.ars>>Download here:http://www.iis.net/extensions/DynamicIPRestrictions
>>HTH,
>>Viv
>>
>>>In the last six weeks, we have been trying to find the source of the denial of service which was made against the Universal Thread site. This has been the most difficult issue so far we had to deal with in regards to security issue about the site. We have made some adjustments targeted at collecting more data, made a lot of verifications about the infrastructure and so on. During that timeframe, this was causing the site to be overloaded and it was coming up back by itself within a range of 2 to 6 minutes, the time it took to process all the backlogs. A month ago, I mentioned online that this was caused by an external resource. We were not able to provide more information on this because we needed to catch it and adjust after.
>>>
>>>I would like to mention that this kind of situation is really sad. Whoever was being this, they should know that this cost us a lot of money, time and effort. We are still pretty sure about the reason for this. Some individuals on this planet should know that this is something very bad to do. When someone is off the site, this decision should be respected as is. But, doing this kind of action, is totally unacceptable. This has hurt our image, our members and who ever is involved in the good running of the site, which also includes our customers.
>>>
>>>Not to forget that we are presently in a middle of some very difficult times and we are all trying in the best we can to continue to support and use this site. This behavior happened during the worst period we have ever had to deal with in regards to a financial crisis and the related individual should have also taken that in consideration. This demonstrates that some individuals on this planet have absolutely no moral at all and no respect for people around them. The pattern I have observed and the point of original are related to the recent situations. We cannot confirm if it goes back to several months but for sure during the last few weeks. The pattern was also happening on occasional basis instead of an automatic pattern. Thus, we were ok for 8 to 15 days then it was coming back several times a day. This is what has triggered our attention that our infrastructure was ok and that it was caused by an external source. Note also that we have other sites running on the same server with the same infrastructure. And, they were not affected by that and have never suffered from such action. Thus, IIS to the site itself was related, thus the Universal Thread only.
>>>
>>>We are very sorry about that situation. We hope this was all that was related to it. If there would be more related situations, we would do our best to rectify it as soon as possible. We just hope this has resolved it for a very long time.
