> We have an idea, that this could be a kind of anti DDoS on the
> system/iis7 level,
I hope you have a hardware firewall, if so the logs should show DDos,
purely from a size.
I capture syslog output from my Sonicwalls using my own ComCap
application (which uses ICS) and when the logs go over about 3 megs an
hour, I know I've got a problem.
Earlier in the year my servers were being used for DNS amplification DDos
attacks against some Russian sites.
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be