[isalist] Re: Desperate for some help regarding server attacks from the outside.

  • From: D PIETRUSZKA USWRN INTERLINK INFRA SHIFT MGR <DPietruszka@xxxxxx>
  • To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 4 Jan 2010 14:19:15 -0500

What about the flood mitigation settings?

Regards
Diego R. Pietruszka

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Steve Moffat
Sent: Monday, January 04, 2010 1:51 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Desperate for some help regarding server attacks from 
the outside.

Not a lot you can do about that except get the IP that's doing it traced & 
blocked & inform the authorities....

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Mike Anderson
Sent: Monday, January 04, 2010 2:40 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Desperate for some help regarding server attacks from the 
outside.

Hello All,

After looking at all the software add-ons for ISA Server, it seems like the 
primary focus of these products revolves around monitoring what users within an 
organization do during the day, like web surfing habits, etc.

But what about protection of hosted servers behind the ISA Server, from the 
masses of external Internet users?  We don't have any users sitting behind our 
ISA Server - we have 8 servers in a secure cabinet collocated at a NOC, with a 
20Meg Internet feed.  We are using ISA Server in a pure server hosting 
environment.

We have been experiencing many attacks (specifically from Canada) where a user 
will just pound our website, trying to consume all our bandwidth so there isn't 
anything left for all our legitimate users.  I've seen software packages like 
Bandwidth Splitter, etc. but again, it's all about throttling users BEHIND the 
ISA Server to control how much bandwidth they use when they are Internet 
surfing.  We need to throttle the bandwidth to EXTERNAL anonymous users, so 
they can't affect our system as a whole.

I don't know where these people are coming from, but in order to affect our 
servers like this, they must be performing these attacks from a NOC - where 
they have access to a T-3 or better...  I am just blown away, that a single 
user out there, can jeopardize our business like this.  I wouldn't be surprised 
if this was a competitor trying to sabotage our business, but we've worked too 
long and hard, to allow something like this to happen to us.

Does anybody have any suggestions for us regarding this problem?  I'd be very 
grateful to hear anybody's thoughts on this whole thing.  Just an FYI, we are 
running ISA Server 2004.

Thanks in advance for all your help,

Mike
