RE: IIS Stops serving randomly
From: Roopesh K K (anonymous_at_discussions.microsoft.com)
Date: 05/15/04
- Next message: Roopesh K K: "RE: IWAM Account"
- Previous message: JonathanL: "Re: IIS 6 fails anonymous connection"
- In reply to: Ron L: "IIS Stops serving randomly"
- Next in thread: Ron L: "Re: IIS Stops serving randomly"
- Reply: Ron L: "Re: IIS Stops serving randomly"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 14 May 2004 15:56:07 -0700
***************
Check if the SSL sites works after changing port (change the port to 444) and try to access from a system in the same network, This may not work over a Internet connection because 444 may be blocked in most of the firewalls. So try accessing the site from same network with the alternate port
If it works on different port
***************
Stop IIS and try to telnet to the server with port 443. (If it connects to the server another application is listening on that port)
If you don not have an application which you have configured to run on 443 port it could be a malicious application listening on the port 443
***************
Run fport or TCPView to identify the applications/services which listens at port 443
Fport can be downloaded from http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/proddesc/fport.htm
TCPview can be downloaded from http://www.sysinternals.com
***************
Check in Services for any suspicious services (Serv U, Fire Daemon etc.)
***************
Run house call (online virus scanning from any of the anti virus vendor) on your affected server
http://housecall.trendmicro.com/
or
http://us.mcafee.com/root/mfs/default.asp?cid=9914
look for any malicious application or Trojan in the system (ServU, TROJ_SERVI.A etc.)
***************
Search for "443" in registry. Check If you can find this number associated with any other application or services.
For example:
"hklm\system\currentcontrolset\services\sysmon\parameters\appparameters = 443"; This indicates possibility of a service which listens at 443 port which may affect SSL sites.
If you detect another service or Application listens at port 443 which affects IIS. you may confirm that the system has been affected with that malicious application.
Thanks & Regards
Roopesh
- Next message: Roopesh K K: "RE: IWAM Account"
- Previous message: JonathanL: "Re: IIS 6 fails anonymous connection"
- In reply to: Ron L: "IIS Stops serving randomly"
- Next in thread: Ron L: "Re: IIS Stops serving randomly"
- Reply: Ron L: "Re: IIS Stops serving randomly"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
