I have a problem with a havy DDOS attack to our servers, all what I know is that the most attacks come from the IP's 18.104.22.168 and 22.214.171.124 and I have blokked this range, but our line is still blokked, is there somone that have a tool or a url or somthing where I can find help for this. ??
This week we experinced a DDOS attack to my ISA server, at least that's what I think. Suddenly we can't surf the internet. When I stop the firewall service we could surf through the proxy service. I check the event viewer and I saw a machine doing an intensive all port scan to my server. We made a to way filter two block the machine and it works. How could avoid those all port scan from machines on Internet? We have a router with access list blocking all unnecesary traffic from Internet but of course we permit smtp. Could the machines doing All port scan to may ISA use SMTP protocol to do that? Please any suggestion or information will be appreciated
The only problem with the BlockAttackeR.vbs file is that if it has bloked 1 IP then it came up with a message "cant add. this filter, because of a name violation" or somthing like this, I think that this is because it use the same description everyy time.
Any others that have found a solution for this problem ?, because the blokking function in this script is good.