OT: MS Server Question, HELP!, calling on the geeks ... Options

[SirAndy]

sooo, on one (actually 2) of our servers running IIS, we get a lot of hack attempts lately. they're all of the same type, buffer overflow attacks on port 80.

i have all the latest security patches (Windows NT 4) and they are NOT compromising the box, that's the good news.

the bad news is, that lately, the type of attack has slightly changed and now they succeed in crashing IIS!

so here's the problem:
this box (or 2) run important eCommerce websites for me so closing port 80 or moving to another port is NOT an option.
moving to another OS is NOT an option. banning IP's is NOT a option (most of those kids are on dialup DSL, so i would have to block a whole range, most likely cutting out legit customers)
how can i run those websites without having IIS die on me a couple of times a day?

the only thing i can think of is to implement some sort of content filtering that removes malicious code before it gets to the web-server.
anyone here who has a running example of a setup like that?
what (good) firewalls have that sort of filtering and how much do they cost?

i'm at the end of the rope here ... (IMG:style_emoticons/default/fighting19.gif)
Andy

[SirAndy]

(IMG:style_emoticons/default/headbang.gif) (IMG:style_emoticons/default/hanged.gif)

sooo, i go and get the latest version of IIS-Lockdown. newer is better, right?
on MickeySoft's website it says it's compatible with NT4,
so i install it.

all goes well, i make sure the URLScan ini file has the right settings, restart the box AND:

nothing works anymore! (IMG:style_emoticons/default/fighting19.gif)

turns out, the version of IIS-Lockdown i just installed applied Win2k type security settings to ALL my folders and NT4 can't read it! (IMG:style_emoticons/default/ar15.gif)

i'm going to jump out of the window now, you guys all have a nice day ...
Andy