Re: IIS Denial of Service?

Chris (chrisCYBERBOOKIES.COM)
Sun, 31 Oct 1999 16:52:04 -0500

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Mark: "Re: IIS Denial of Service?"
• Previous message: Noël, Richard: "Caching of passwords revealed after installing SP6"
• Next in thread: Mark: "Re: IIS Denial of Service?"
• Reply: Mark: "Re: IIS Denial of Service?"

Where can i find tools like webhammer? I've bene curious to see how big of
a load our servers can handle.

chris

> -----Original Message-----
> From: Daniel Docekal [mailto:ddocMIA.CZ]
> Sent: Sunday, October 31, 1999 3:16 PM
> To: WIN2KSECADVICELISTSERV.NTSECURITY.NET
> Subject: Re: IIS Denial of Service?
>
>
> It has to be very poorly configured (sw and hw) server with some very
> poorly written ASP code - then it is always possible to bring IIS4.0 to
> it's knees - one does not need crawling robot, it is enough to hit
> server with enough request for particular ASP pages which involves
> scripting and/or database or file object accesses.
>
> Nothing new and nothing uncommon in today's world of unexperienced
> pseudoprogrammers writing junk code.
>
> Daniel
>
> > I received this message this morning. After reading it
> > through, the only
> > thing the comes to mind immediately is that these IIS servers
> > may have been
> > set up to not limit incoming connections -- that is to say,
> > they were left
> > config'd to allow unlimited connections (default setting.
> >
> > Anybody have any ideas? It should be easy to test this out using a Web
> > loading tool such as Webhammer. But I haven't tried it myself yet.
>

• Next message: Mark: "Re: IIS Denial of Service?"
• Previous message: Noël, Richard: "Caching of passwords revealed after installing SP6"
• Next in thread: Mark: "Re: IIS Denial of Service?"
• Reply: Mark: "Re: IIS Denial of Service?"

This archive was generated by hypermail 2.0b3 on Sun Oct 31 1999 - 16:43:14 CST