Does sound like a DOS attack of some sort (had similar problems with some standard IIS servers). If the logs arent too revealing, get your comms guys to enable incoming logging on the firewalls / firewall routers for traffic destined for your front-end server. Should be easy for them to do.
As for blocking the traffic they can do that fairly easily as well, provided its all from the same / similar places (ours was). The problem with trying to block it at the front end server is that by then the box has already seen the traffic and may be too late to stop it. Also (as always) make sure you are running the correct suite of patches on your front-end server. G. ----- Original Message ----- From: "Fyodorov, Andrey" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Tuesday, July 01, 2003 11:06 PM Subject: something is killing IIS on one of my front-ends Recently, I have had problems with one of my front-end Exchange 2000 servers. It looks like IIS gets bogged down with something. Eventually IIS stops responding and resets itself. Earlier this morning, I was just looking at a few things and noticed that all of a sudden IIS got 17,000+ connections at a rate of ~50 per second. I am going to check the logs and try to find out where these connections came from. Hopefully they are all from one place so that I could block that source IP address. And I am fishing for suggestions as to what else I could do to track this down. Thanks _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
