Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Protect against ddos
#1
Hello,

i have an intraweb application running as ISAPI.DLL in IIS.

How can i protect against ddos attacks.

I have testet, everyone on this world knowing my hostname und Name of the dll can crash my side with a simple stress tool.

It takes just 5 to 10 minutes to crash the side and also all other websides running in iis.

How can i protect against it.

Thanks
Theo
Reply
#2
There are steps you can take to help minimize this in your application. However the rest of IIS will still be exposed so it is better to implement a general DDOS prevention rather than one specific to just one application.

From the IIS level, even it is recommended to implement it a level above IIS using a firewall. By the time it reaches IIS its already had to use a socket and a DDOS attack can occur even at that low level. So if you really want to effectively prevent DDOS you need to do it at a level that is lower on the network API than IIS where it can prevent a socket from ever being established which means via a firewall.
Reply
#3
A simple way is to close the session if there are too may open sessions at the same time

procedure TIWUserSession.IWUserSessionBaseCreate(Sender: TObject);
begin
  if gSessions.GetCount >20
  then
    WebApplication.Terminate
end
Reply
#4
You can also do some checks to limit number of sessions per IP or IP block. This can help with a "session start attack" but a DOS attack happens at a lower level and must be handled at the firewall level to be effective.
Reply
#5
(11-15-2019, 06:51 PM)kudzu Wrote: You can also do some checks to limit number of sessions per IP or IP block. This can help with a "session start attack" but a DOS attack happens at a lower level and must be handled at the firewall level to be effective.
I came across pranksters who were making a DOS attack through a list of proxy servers. They opened a hundred sessions within a minute and each IP was different. Of course, if they were constantly doing this attack, I don't know how my web application could be used at all. The attacks mostly came from India and China, sometimes from the USA.
Reply
#6
This is not something that is unique to IW. All web applications can be hit the same way and the same types of steps must be taken to prevent such.

You could delay or limit the number of new sessions per time period, total number of sessions, etc. You could also use a captch launch page to prevent them from starting a new session until a captcha is passed.

Does your application require login?
Reply
#7
What's is your IW version? What are the request paths that start a new session?

IW 15.1.x has some nice features to block common attacks.
Reply
#8
version is 15.1.5 and continually the indy server freezes with message
http/1.1 429 too many requests
when I try to test my app from
https://www.uptrends.com/tools/uptime
Reply
#9
Have you logged what kind of requests are those?
Reply
#10
If you have not a request logging in place, you can turn on the session logging, if you haven't already done so. Set ServerController.LogSessionEvents to TRUE, and leave it running for some time (a few hours should be enough). Then you can collect data regarding what kind of requests are starting a new session.
Just have in mind that this log file can become huge if you leave it running for long...
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)