Denied IP getting through IIS

Discussion in 'Windows 2008/IIS 7' started by rmallonday, Mar 30, 2012.

Thread Status:
Not open for further replies.
  1. I have an IP address that is actively attempting SQL injection attacks on my site. I put this IP into the IIS Manager Deny list 2 days ago and this morning he got through with at lease a dozen injection attack attempts.

    How is he getting through the IIS Deny?

    His IP is 192.168.211.3
     
  2. mjp

    mjp DiscountASP.NET Staff

    That's a local IP. Where are you getting that IP, from your logs?
     
  3. I log all activity to an usage table so I get a better idea of what is going on in the site.

    What do you mean by "it's a local IP"?
     
  4. Local IP is the static / dynamic IP issued by your router/hub. Its non public facing meaning its only good within your internal network (192.168.xxx.xxx) IIS does not filter these IP's

    192.168.1.0 / 1 Is an internal IP which would normally be the gateway. Connect to it, and see the DHCP client table to see who was assigned for (192.168.211.3) within your private network
     
  5. Ok, this is a bit disturbing. What router/hub? As far as I know I have no router/hub. I definitely don't have a private network that I know of. To get these values I'm using Request.UserHostName and Request.UserHostAddress.
     
  6. mjp

    mjp DiscountASP.NET Staff

    Well, our network could use private IPs for internal server to server connections as well. jayc is referring to typical home use of private IPs.

    I'm checking with the system admins right now to see what they think.
     
  7. I would suggest you to open a support ticket with a copy of this log attached so we can investigate further.
    support.discountasp.net
     
  8. Bruce

    Bruce DiscountASP.NET Staff

    i also think you should create a support ticket. we need further details that you might not want to post in a public forum.
     
Thread Status:
Not open for further replies.

Share This Page