I am sure many of you are already aware that an attack on WordPress blogs has been occurring over the last 2 days. The initial wave of the attack appeared to be a brute force attack. However, after blocking many IP ranges and the problem still not resolving, my team began digging a bit deeper and found a solution.
We are using a multisite installation on Windows Server 2003.
We had to change the application pool for our install to make the sites accessible again. Then we found in the security log that Windows Firewall identified that an unknown application was "listening" for incoming UDP traffic. We also noted that with each thread of incoming UDP, our site was then "pinging" itself multiple times, so that it did not appear to be an attack but rather looked like an internal coding issue.
By blocking incoming UDP traffic to our site, the issue appears to be resolved in that our site is no longer pinging itself.
I hope this is helpful to anyone else who has been losing hair over this issue.