Many DoS attacks that I have had to deal with have been launched by people who buy/lease a few hundred servers from one hosting company and then attack my site. When viewing the Resource Monitor, it becomes obvious that it is an attack because you can quickly see that most of the traffic is suddenly coming from one subnet. I would like to be able to set:
subnet mask: 255.255.255.0
maximum number of concurrent requests: 32
(if there are 254 possible hosts on that subnet, you'd set it to block the number of requests you think could be legitimate; 32 might actually be high)
maximum request: 64 per milliseconds: 1000

subnet mask: 255.255.0.0
maximum number of concurrent requests: 64
maximum request: 128 per milliseconds: 1000

subnet mask: 255.0.0.0
maximum number of concurrent requests: 128
maximum request: 256 per milliseconds: 1000
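
The tiered per-subnet request-rate limit proposed above, as an added example that is not part of the original post or of any product's code. The class and function names are hypothetical, the traffic is constructed, and only the requests-per-1000-ms limits are modelled, not the concurrent-request limits.

```python
import ipaddress
from collections import defaultdict, deque

# (prefix length, max requests per window): the post's three tiers
# 255.255.255.0 -> /24, 255.255.0.0 -> /16, 255.0.0.0 -> /8
TIERS = [(24, 64), (16, 128), (8, 256)]
WINDOW_MS = 1000


class SubnetRateLimiter:
    """Sliding-window request counter keyed by IPv4 subnet (hypothetical helper)."""

    def __init__(self, tiers=TIERS, window_ms=WINDOW_MS):
        self.tiers = tiers
        self.window_ms = window_ms
        # network -> timestamps (ms) of requests accepted inside the window
        self.hits = defaultdict(deque)

    def allow(self, ip, now_ms):
        """Record and accept the request, or reject it if any tier is full."""
        nets = [(ipaddress.IPv4Network(f"{ip}/{prefix}", strict=False), limit)
                for prefix, limit in self.tiers]
        for net, limit in nets:
            q = self.hits[net]
            # Drop timestamps that have aged out of the window.
            while q and now_ms - q[0] >= self.window_ms:
                q.popleft()
            if len(q) >= limit:
                return False  # rejected requests are not counted
        for net, _ in nets:
            self.hits[net].append(now_ms)
        return True


def simulate():
    """Constructed traffic: 100 hosts in one /24 each send one request,
    one per millisecond, then an unrelated client sends one request."""
    limiter = SubnetRateLimiter()
    burst = [limiter.allow(f"203.0.113.{h}", h) for h in range(1, 101)]
    other = limiter.allow("198.51.100.7", 101)
    return sum(burst), len(burst) - sum(burst), other


if __name__ == "__main__":
    accepted, rejected, other = simulate()
    print(f"same /24: {accepted} accepted, {rejected} rejected; "
          f"other subnet accepted: {other}")
```

Subnets that go idle keep an empty queue in `hits`, so a long-running deployment of this idea would also need to evict idle entries.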