Snort mailing list archives
Re: Is this a Denial of Service (DOS) attack on the Internet Information Services (IIS) Web Server?
From: wkitty42--- via Snort-users <snort-users () lists snort org>
Date: Thu, 1 Nov 2018 07:55:07 -0400
On 11/1/18 6:26 AM, Turritopsis Dohrnii Teo En Ming wrote:
> Since 13 October 2018, their IIS web server logs have grown extremely huge (465 Gigabytes to-date) and completely filled up the entire C:\ drive, leaving it without any free space. Nobody can access any web application now.
> Is this characteristic or symptom of a Denial of Service (DOS) attack?
possibly but no one can tell with the minuscule amount of information given... it is quite possible that their system's log rotation services have not been running for some reason... if that's the case, fixing that would be part of the solution...
> Should I advise the client to turn on Intrusion Prevention System (IPS) and Flood Protection and enable Geo-IP Filter and Botnet Filter at the firewall/network security appliance level to mitigate DOS attacks?
IMPO, that's up to you and your company if you want or even can support them in that function... your company may not want to take on that additional risk... instead of adding more logs, one should look at the existing logs and determine from them what is going on before "adding more wood to the fire"... that's where i'd start...
--
NOTE: No off-list assistance is given without prior approval.
*Please keep mailing list traffic on the list unless*
*a signed and pre-paid contract is in effect with us.*
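One way to carry out the "look at the existing logs" step from the reply above, as an added example that is not part of the original message: a single streaming pass over IIS W3C extended logs that counts requests by client IP, hour, status and URI. It assumes the logs carry the usual `#Fields:` header; the `summarize` function and the sample lines are constructed for illustration.

```python
from collections import Counter

# Constructed sample in IIS W3C extended format; not data from the thread.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 8.5
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2018-10-13 00:00:01 10.0.0.5 GET /app/login.aspx - 443 - 198.51.100.7 Mozilla/5.0 200 0 0 31
2018-10-13 00:00:01 10.0.0.5 POST /app/search.aspx q=a 443 - 203.0.113.9 ExampleClient/1.0 500 0 0 2900
2018-10-13 00:00:01 10.0.0.5 POST /app/search.aspx q=b 443 - 203.0.113.9 ExampleClient/1.0 500 0 0 3100
2018-10-13 00:00:02 10.0.0.5 POST /app/search.aspx q=c 443 - 203.0.113.9 ExampleClient/1.0 500 0 0 3050
2018-10-13 01:15:40 10.0.0.5 GET /app/home.aspx - 443 - 192.0.2.44 Mozilla/5.0 200 0 0 18
2018-10-13 01:15:41 10.0.0.5 GET /app/ho
"""


def summarize(lines, top=3):
    """Stream W3C log lines once and count requests by client, hour, status and URI."""
    fields = []
    counters = {k: Counter() for k in ("c-ip", "hour", "sc-status", "cs-uri-stem")}
    total = skipped = 0
    for line in lines:
        line = line.rstrip("\r\n")
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # the field list can change mid-file
            continue
        if not line or line.startswith("#"):
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            skipped += 1  # truncated write (e.g. disk full) or malformed row
            continue
        row = dict(zip(fields, values))
        total += 1
        counters["hour"][row.get("date", "-") + " " + row.get("time", "-")[:2]] += 1
        for key in ("c-ip", "sc-status", "cs-uri-stem"):
            counters[key][row.get(key, "-")] += 1
    report = {name: c.most_common(top) for name, c in counters.items()}
    report.update(total=total, skipped=skipped)
    return report


if __name__ == "__main__":
    # For a real file, pass the open handle so the log is never loaded whole:
    #   with open(path, encoding="utf-8", errors="replace") as fh: summarize(fh)
    for name, value in summarize(SAMPLE_LOG.splitlines()).items():
        print(name, value)
```

A few clients or one URI dominating the counts points at specific traffic to investigate, while an even spread across months of dates points at logs that were simply never rotated.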