[isalist] Desperate for some help regarding server attacks from the outside.
- From: "Mike Anderson" <mike@xxxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Mon, 4 Jan 2010 12:35:46 -0600
Hello All,
After looking at all the software add-ons for ISA Server, it seems like
the primary focus of these products revolve around monitoring what users
within an organization do during the day, like web surfing habits, etc.
But what about protection of hosted servers behind the ISA Server, from
the masses of external Internet users? We don't have any users sitting
behind our ISA Server - we have 8 servers in a secure cabinet collocated
at a NOC, with a 20Meg Internet feed. We are using ISA Server in a pure
server hosting environment.
We have been experiencing many attacks (specifically from Canada) where
a user will just pound our website, trying to consume all our bandwidth
so there isn't anything left for all our legitimate users. I've seen
software packages like Bandwidth Splitter, etc. but again, it's all
about throttling users BEHIND the ISA Server to control how much
bandwidth they use when they are Internet surfing. We need to throttle
the bandwidth to EXTERNAL anonymous users, so they can't affect our
system as a whole.
I don't know where these people are coming from, but in order to affect
our servers like this, they must be performing these attacks from a NOC
- where they have access to a T-3 or better... I am just blown away,
that a single user out there, can jeopardize our business like this. I
wouldn't be surprised if this was a competitor trying to sabotage our
business, but we've worked too long and hard, to allow something like
this to happen to us.
Does anybody have any suggestions for us regarding this problem? I'd be
very grateful to hear anybody's thoughts on this whole thing. Just a
FYI, we are running ISA Server 2004.
Thanks in advance for all your help,
Mike
Other related posts:
