Home
ASP.NET Forums » Windows Hosting » Hosting Open Forum » Dos Attacks, what to do?

Dos Attacks, what to do?

Last post 03-26-2008 4:51 AM by Ahmadi_rad. 2 replies.

Sort Posts:

  • Dos Attacks, what to do?

    03-22-2008, 11:57 AM
    • Member
      29 point Member
    • Ahmadi_rad
    • Member since 05-24-2007, 8:07 AM
    • Posts 95

    Dear guys

    I'm developing a web application that needs to upload data to a sql server from client machins(direct login to server or use web services), and it's a rather long time that I concerned the matter of DOS attacks, but can't find a total solution for that.

    The best thing I found was tracking IP address of end users(http://weblogs.asp.net/omarzabir/archive/2007/10/16/prevent-denial-of-service-dos-attacks-in-your-web-application.aspx), but this can be easily overcome by spoofed IP addresses. now I think there is not so much that I can do for this matter, but rely on capabilities of host.

    I wanted to ask you guys for a general overview. What shall we ask from hosting company? Is there even a thing that they can do to ask from them?

    How large companies like credit card processing companies overcome this problem? Can we use the same methods?

    Is it better to use services of such companies like hosting by Yahoo?

    Are any web hosting companies well known to be reliable against such attacks?

    Or any other points that you may find usefull.

    Thanks a lot

     

  • Re: Dos Attacks, what to do?

    03-25-2008, 8:26 PM
    • Star
      11,568 point Star
    • Bruce L
    • Member since 02-08-2007, 6:53 PM
    • Posts 1,935

    Most people would do take on a strategy of block everything other than the whitelisted IPs.  I am not sure what your application's intentional use is and am not sure if this is applicable in your situation.

    If your users base are all registered user with a known IP, I would blist everything and have them insert their IP into the whitelist.

    Another strategy you can consider is to have restriction in time between each call.  It is rather complicated, but doable.  In your web service, you would track the user's last connection time and in every connection, you check if they are connecting too frequently.

    Bruce
    DiscountASP.NET - ASP.NET Hosting Experts
    Voted 2009 "Best ASP.NET Hosting" by asp.netPRO Magazine
    Win2008/IIS7.0, ASP.NET 2.0/3.5 SP1, MVC, AJAX, Silverlight, SQL 2008/2005

  • Re: Dos Attacks, what to do?

    03-26-2008, 4:51 AM
    • Member
      29 point Member
    • Ahmadi_rad
    • Member since 05-24-2007, 8:07 AM
    • Posts 95

    My attention to this matter may be too much paranoid!

    In fact I'm blcoking time consuming operations for too frequent users. And I'm also checking IP address of incomming requests and block too frequent IPs. This may be more than enough for a small business which has registered users.

    But my question were about IP snoofing and sending too frequent incorrect login requests to system. This may not happen to my site, but even if it happens, there doesn't seem to be a way for defending for me.

    Anyhow, if it happens or not, I prefere to rely on hosting companies whom pay attention to this matter. 

    Thanks a lot
Page 1 of 1 (3 items)
RSS Available

Contact | Advertise | Issue Management by Axosoft's OnTime | Running IIS7
All Rights Reserved. | Terms of Use | Trademarks | Privacy Statement
© 2009 Microsoft Corporation.