the web.config file in IIS is where a lot of this kind of filtering goes on, so that may be a place to try and filter out these odd urls (ie anything that is not www or non-www).

In an earlier version of our infrastructure we had rewrite rules in the IIS web.config file to explicitly deal with HTTP_HOST header spoofing to make sure that only requests for valid hosts were coming to the applications. (In our current infrastructure, all of that sort of BFM happens well before the request gets to the web server.) We cared because there was no legitimate reason to allow goofy stuff like that through and because in some cases we were using host/server names to determine what environment the application was running in. Looking at some of those you’ve noted, that sort of looks like what you’re dealing with here?

@rstewart Yes, that sounds like what we are seeing here. It's tying up resources and we'd like to block that stuff. Can I ask you how you did it before in web.config and how you are doing it now in your current infrastructure?

Firewalls and null routing works wonders.

@Evil Ware We use IIS. Do you know if null routing could work that way? I'm googling but it's not that clear to me.

Null routing is a nice term for not allowing the bad network to route to your protected host or network. You can do this on windows its route add X.X.X.X mask Y.Y.Y.Y Z.Z.Z.Z if 1 -p