IIS 5 & IIS 6
How can I find out attack attempts
Last post Oct 28, 2020 02:11 AM by samwu
Oct 23, 2020 01:25 PM|fernando-sianet|LINK
How do I find out in the IIS logs attack attempts?
Is there a tool that does this automatically?
Oct 26, 2020 02:23 AM|samwu|LINK
We have lot of tools and techniques available to identify DOS attacks. But, the classical way is to look at various log files and that’s where
LogParser will help us a lot. the LogParser can identify Denial of Service attacks from IIS Logs.
For a normal production server, we will see lot of log files in IIS logfiles folder. One classic way people follow as a preliminary step is to check for patterns in the sizes of those log files. If they see a sudden spike in size, they will pay attention
to those log files to check if they have recorded any malicious attempts. Instead of scrolling through that large list of LogFiles in windows explorer, we can leverage LogParser to query the sizes of those files.
More information about how to identify whether our application had undergone a DOS attack or not from the IIS logs you can refer to this link:
Log Parser - Identifying DOS attacks from IIS Logs
Oct 27, 2020 01:37 PM|fernando-sianet|LINK
That's exactly what I needed.
Thank you very much
Oct 28, 2020 02:11 AM|samwu|LINK
Please mark the answer so that it can help others with similar problems.