> We have an idea, that this could be a kind of anti DDoS on the > system/iis7 level,
I hope you have a hardware firewall, if so the logs should show DDos, purely from a size. I capture syslog output from my Sonicwalls using my own ComCap application (which uses ICS) and when the logs go over about 3 megs an hour, I know I've got a problem. Earlier in the year my servers were being used for DNS amplification DDos attacks against some Russian sites. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be