Random URL string: What kind of attack is this, and what can be done to stop it?
This pattern look for me like fuzz logic/testing.
The reason can be to fingerprint your infrastructure
and/or
Get/find any bug in your web software which can be explited further
and/or
Find nonsecured resources in web site for stealing some internal/customer info.
The usage of fuzz logic also seems to be for search for valid path in the web site/app(s)
P.S. Of course this above is worst case scenario, but in security IMHO this is the way to get good evaluation of particular issue
I agree with @RomeoNinov that this is likely fuzz logic/testing or just a scanner sweeping all available applications. In terms of stopping this, you're best off white-listing all acceptable requests. Otherwise you're playing whack-a-mole by blocking all unnecessary requests which is far too large to keep up with.
My recommendation is to leverage IIS Request Filtering since it is native functionality within IIS7+. Add all of the application's URLs (i.e. cs-uri-stem) to the alwaysAllowedUrls
setting. Then set the allowable file extensions to the following as it will only allow the default document and no others. Just having these two items in place would have returned an HTTP 404 very early in the IIS pipeline so the request wouldn't have been processed by application code.
<fileExtensions allowUnlisted="false">
<clear/>
<add fileExtension="." allowed="true" />
</fileExtensions>
FWIW, I've been posting to my blog about defining thresholds for IIS Request Filtering. There's still much to add but hopefully it will help get you started.