Re: Ports that are open on a Server
From: karl [x y] (jamescagney90210@excite.com)
Date: 07/23/02
- Next message: Michael: "Disabled services and now can not start them..."
- Previous message: Marlon Brown: "Re: Options to let you users install software on the laptops"
- In reply to: Jason: "Ports that are open on a Server"
- Next in thread: Jason: "Re: Ports that are open on a Server"
- Reply: Jason: "Re: Ports that are open on a Server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "karl [x y]" <jamescagney90210@excite.com> Date: Tue, 23 Jul 2002 10:29:45 -0400
Unless you have other clues you're not mentioning here, this may not have
been a DoS attack, it may have been a software or hardware problem. You
would definitely want a firewall with logging set up to be able to 1) close
the ports and 2) investigate who was sending you a DoS and how to prevent
it.
It's insane to put a windows business server on the internet with no
firewall. Firewalls start at around $70 for a Netgear NAT router, $500-ish
for a Netscreen 5XP, free for an OpenBSD or Linux firewall [some of which
have an easy to use GUI aimed at home users, others boot from a CD or boot
floppy with no install necessary such as ClosedBSD]. You may also want a
software firewall in addition, such as Sygate which is free for
non-commercial use, $30 otherwise.
If you rebooted your server and the problem went away, that does not sound
to me like a DoS. The DoS would theoretically still be in progress, and the
utilization should start going back up after the reboot. Also, a DoS would
*usually* aim to consume all of your server's resources in a very short
period of time, not gradually.
You do however want to be sure you've secured your system. Check out the
Windows 2000 and IIS checklists and other tools at
www.microsoft.com/security You'd also want to consider an antivirus program
like Norton that is set to download updates daily but is also set to not
scan the folders that are used by your email server. A file change checker
such as the free Languard file integrity checker from www.gfi.com is also
not a bad idea.
"Jason" <jason.ungerer@za.pwcgloabl.com> wrote in message
news:1989901c23236$6d8bdaa0$36ef2ecf@tkmsftngxa12...
> Hi
>
> I have been subjected to a DoS. My Mail server's memory
> utilization which increased by some 20% over 2 days. i had
> to result to shutdown and restart the server to clear the
> cache. is there a reference doc that i can look at to try
> and "plug up" and only keep necessary ports open.
- Next message: Michael: "Disabled services and now can not start them..."
- Previous message: Marlon Brown: "Re: Options to let you users install software on the laptops"
- In reply to: Jason: "Ports that are open on a Server"
- Next in thread: Jason: "Re: Ports that are open on a Server"
- Reply: Jason: "Re: Ports that are open on a Server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
