How to identify which web service is causing a DoS (Windows 2003 server)
Posted on 2010-11-17
Recently, one of our Windows 2003 servers has been pushing out it's ethernet maximium 100mbps due to what we believe to be a DoS hack. I think the problem comes from a web service. This is a shared hosting server. When the peak occurs, if I turn off the IIS web server, the peak instantly stops. I tried doing this on a per domain approach when the peak happens as well but it's difficult to find the exact culprite as it seems the hack can tell i'm problem solving this and just when I think one specific Web service is the source, reactivating it doesn't start up the peak again ...
Is there a simple Windows tools that will allow me to individually monitor Web service output ? I tried the Performance tuning console with all Web services added but this was non conclusive as the peaks had no effect on the "total bytes/sec" charts of all Web services ?
Any thoughts on this ?