Re: Ports that are open on a Server

From: karl [x y]
Date: 07/23/02

From: "karl [x y]" <>
Date: Tue, 23 Jul 2002 10:29:45 -0400

Unless you have other clues you're not mentioning here, this may not have
been a DoS attack, it may have been a software or hardware problem. You
would definitely want a firewall with logging set up to be able to 1) close
the ports and 2) investigate who was sending you a DoS and how to prevent

It's insane to put a Windows business server on the internet with no
firewall. Firewalls start at around $70 for a Netgear NAT router, $500-ish
for a Netscreen 5XP, free for an OpenBSD or Linux firewall [some of which
have an easy to use GUI aimed at home users, others boot from a CD or boot
floppy with no install necessary such as ClosedBSD]. You may also want a
software firewall in addition, such as Sygate which is free for
non-commercial use, $30 otherwise.

If you rebooted your server and the problem went away, that does not sound
to me like a DoS. The DoS would theoretically still be in progress, and the
utilization should start going back up after the reboot. Also, a DoS would
*usually* aim to consume all of your server's resources in a very short
period of time, not gradually.

You do however want to be sure you've secured your system. Check out the
Windows 2000 and IIS checklists and other tools at You'd also want to consider an antivirus program
like Norton that is set to download updates daily but is also set to not
scan the folders that are used by your email server. A file change checker
such as the free Languard file integrity checker from is also
not a bad idea.

"Jason" <> wrote in message
> Hi
> I have been subjected to a DoS. My mail server's memory
> utilization increased by some 20% over 2 days. I had
> to resort to shutting down and restarting the server to clear the
> cache. Is there a reference doc that I can look at to try
> and "plug up" and only keep necessary ports open?
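
An added example, not part of the original thread: one way to act on "only keep necessary ports open" and on investigating who is connecting is to audit `netstat -an` output on the server. The sample output, the function names and the allowed-port policy (TCP 25 and 110 for a mail server) are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of Windows `netstat -an` output (not from the original post).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:110            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:25          198.51.100.7:4312      ESTABLISHED
  TCP    192.0.2.10:25          198.51.100.7:4313      ESTABLISHED
  TCP    192.0.2.10:25          203.0.113.9:2201       TIME_WAIT
  UDP    0.0.0.0:445            *:*
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def parse(text):
    """Yield (proto, local_ip, local_port, remote, state) per connection row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            yield m[1], m[2], int(m[3]), m[4], m[5] or ""

def unexpected_listeners(text, allowed):
    """Sockets reachable on a non-loopback address whose (proto, port) is not allowed."""
    found = set()
    for proto, ip, port, remote, state in parse(text):
        listening = state == "LISTENING" or (proto == "UDP" and remote == "*:*")
        if listening and not ip.startswith("127.") and (proto, port) not in allowed:
            found.add((proto, port))
    return sorted(found)

def peers_by_connections(text, port):
    """Count TCP connections per remote IP to one local service port."""
    counts = Counter()
    for proto, ip, lport, remote, state in parse(text):
        if proto == "TCP" and lport == port and state not in ("", "LISTENING"):
            counts[remote.rsplit(":", 1)[0]] += 1
    return counts.most_common()

if __name__ == "__main__":
    allowed = {("TCP", 25), ("TCP", 110)}  # assumed policy for a mail server
    print("close or filter:", unexpected_listeners(SAMPLE, allowed))
    print("SMTP peers:", peers_by_connections(SAMPLE, 25))
```

Ports reported by `unexpected_listeners` are candidates to disable at the service or block at the firewall; a single peer dominating `peers_by_connections` is the kind of detail firewall logging would also capture.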
