Re: Many Connections from each Web Client

On May 8, 8:26 pm, Baboon <bab...@xxxxxxxxxxxxxx> wrote:
I was asked to take a look at an IIS Website running on Windows 2000 Server
because of reports of slowness. The site is for a small research group that
is part of the University I work for, and there typically aren't a lot of
clients connected at one time, so the server should be able to handle the

When I run netstat -a I see that each client has many connections from
random ports to HTTP on the server (maybe 50 or more from each client). That
doesn't seem normal to me, but I am not sure. Also, when I run fport, I see
that there are many random ports being listening upon by inetsrv.exe, which
also seems odd to me. The Webmaster uses ColdFusion to configure the
content, so that may play a role as well.

Can anyone confirm whether or not this seems normal? The server is running
SP 4 and appears to be up to date with patches, but IIS apparently was never
locked down, I.E. - No urlscan, IIS Lockdown, and with a default installation.


I am not aware of any IIS/Windows file called inetsrv.exe.

Closest name for IIS is inetinfo.exe - there should only be one
instance, and it should listen to as many ports as there are unique
ports in IP:Port bindings in IIS configuration.

I think this server has been hacked. W2KSP4 is still vulnerable to
several worms unless the server has all security patches.



Relevant Pages

  • RE: 401.2 Errors
    ... the server name as their proxy server, ... really understand the point in deploying the Firewall Client to all clients. ... I had a look at the log file but it only seems to be ... recording access that the IIS Server itself goes through. ...
  • Re: Connect Computer Problem at 2 Customer Sites
    ... I understand this issue to be: the client ... please restart the IIS service. ... join the domain has got the valid IP address and DNS server address in the ... Microsoft Online Newsgroup Support ...
  • Re: Problem with connect computer wizard
    ... You mentioned that you're using Anonymous access with Administrator ... Open ConnectComputer properties in IIS. ... And there is only the DNS server be configured on client ...
  • Re: IIS6 caching
    ... On the server side, IIS6 will cache static files in kernel mode response ... No. IIS compression was not enabled. ... >>>> a client site or proxy caching issue. ...
  • Re: [Probably Dumb Newbie] Question re WSE3 WSSecurityKerberos Sample
    ... Changed VS.NET Solution to use IIS instead of WebDev.WebServer.EXE. ... I can work with my Network Admins to find out the specifics of our Active ... Client and Service are in same SLN (after all, ... will require both client and server side to authenticate against the KDC( ...