Hi,
I'm trying to find a good solution for DDoS attacks on IIS servers...
I thought I found a way via ModSecurity and the SecWriteStateLimit directive, but it seems this doesn't work on IIS, probably because it also depends on setting the requests in SERVER_BUSY_WRITE and the mod_reqtimeout.c in Apache...
I have a simple setup now with the dynamic IP restrictions extention (http://www.iis.net/downloads/microsoft/dynamic-ip-restrictions) which helps in case of a DDoS attack from the same IP, but that doesn't really work on slow DDoS attacks with long request timeouts or with seperate IP's...
Does anyone know of a different solution to handle these threads, besides upgrading to an IDS and spending a lot of money? ;-)
Thx a lot!