General Discussions

**hyipo** · 11:48 PM

I am wondering if I have been hit by dozens of DoS Attacks

My server keeps messing up.

My server keeps going out of service, and I have to keep restarting my server to get the service working.

I didn't used to have to restart my web server (not computer) almost all the time.

Should I report this to microsoft since I am using IIS 5 web server?

Do you think my servers starting to lose performance, and being unacessable a DoS Attack?

It's not a huge attack, I can still access the internet. I wonder if it's a vunerability and I need to report this to Microsoft.

**Minaki** · 03-31-2006, 03:26 AM

It's very unlikely that you'll need to report anything to Microsoft.

Have you made sure that you've applied all the relevant patches and service packs to the server? Also, have you run the IIS lockdown tool? Those are the main things you need to do to help secure an IIS server.

As for a DoS attack, first of all check your IIS logs - that'll show you requests to the server so you can look for anything dodgey in there. If there's lots of 404 statuses for long URLs that contain lots of hex codes, or requests for cmd.exe or root.exe, then someone might be attempting a hack, or trying loads of known vulnerabilities to try to get in.

If the DoS attack is on the network level though, you won't see this in the logs - you'll need to use a network traffic analyzer such as Ethreal to sniff packets off the wire.

If you're looking after a server, there's a lot to do to keep it safe, stable and constantly online... you really need to know your stuff.