Re: Ports that are open on a Server

From: Jason (jason.ungerer@za.pwcglobal.com)
Date: 07/24/02 

From: "Jason" <jason.ungerer@za.pwcglobal.com>
Date: Tue, 23 Jul 2002 22:49:45 -0700

Hello Karl

The server is not an internet server, it is an internal
mail server already behind a firewall. The DoS that I
suspect has been from within our own office. Yet thank you
for the URL, I will be investigating that further. Many
thanks.
>-----Original Message-----
>Unless you have other clues you're not mentioning here,
this may not have
>been a DoS attack, it may have been a software or
hardware problem. You
>would definitely want a firewall with logging set up to
be able to 1) close
>the ports and 2) investigate who was sending you a DoS
and how to prevent
>it.
>
>It's insane to put a windows business server on the
internet with no
>firewall. Firewalls start at around $70 for a Netgear
NAT router, $500-ish
>for a Netscreen 5XP, free for an OpenBSD or Linux
firewall [some of which
>have an easy to use GUI aimed at home users, others boot
from a CD or boot
>floppy with no install necessary such as ClosedBSD]. You
may also want a
>software firewall in addition, such as Sygate which is
free for
>non-commercial use, $30 otherwise.
>
>If you rebooted your server and the problem went away,
that does not sound
>to me like a DoS. The DoS would theoretically still be
in progress, and the
>utilization should start going back up after the reboot.
Also, a DoS would
>*usually* aim to consume all of your server's resources
in a very short
>period of time, not gradually.
>
>You do however want to be sure you've secured your
system. Check out the
>Windows 2000 and IIS checklists and other tools at
>www.microsoft.com/security You'd also want to consider
an antivirus program
>like Norton that is set to download updates daily but is
also set to not
>scan the folders that are used by your email server. A
file change checker
>such as the free Languard file integrity checker from
www.gfi.com is also
>not a bad idea.
>
>"Jason" <jason.ungerer@za.pwcgloabl.com> wrote in message
>news:1989901c23236$6d8bdaa0$36ef2ecf@tkmsftngxa12...
>> Hi
>>
>> I have been subjected to a DoS. My Mail server's memory
>> utilization which increased by some 20% over 2 days. i
had
>> to result to shutdown and restart the server to clear
the
>> cache. is there a reference doc that i can look at to
try
>> and "plug up" and only keep necessary ports open.
>
>
>.
>

Relevant Pages

  • Re: login attempts
    ... > Every day i have on my win2000 iternet server a lots of wrong login ... Windows by default allows ... You also need a firewall. ... the internet, except for those ports you know you're using. ...
    (microsoft.public.win2000.security)
  • Re: Firewall on a single NIC SBS2003 Standard edition
    ... Frank McCallister SBS MVP ... > " Well, if you're wanting to run the firewall on a single NIC, you aren't ... Don't ask the server to do *everything*, ... > internet traffic from the workstations don't have to go through the SBS. ...
    (microsoft.public.windows.server.sbs)
  • Re: Internet on nodes
    ... I stopped the Firewall in SBS and could upload ... print' from both the server and a WS. ... Was not able to connect to the internet on the WS. ...
    (microsoft.public.windows.server.sbs)
  • Re: 2 NICs Configuration Problem
    ... the server as Paul envisaged it. ... gateway (to the Internet through the NIC connected to the Sonicwall DMZ ... NICs should not have default gateways configured for both. ... DMZ ports of any firewall, is an alternative path that cause great ...
    (microsoft.public.windows.server.networking)
  • Re: XP/SP2 Firewall über W2K GPO deaktivieren
    ... Weil es einen zentralen Zugangpunkt zum Internet gibt und dieser geschützt ... Dafür sorgt der Proxy Server für die Mitarbeiter. ... Meine Clients haben auch keine lokale Firewall installiert, ...
    (microsoft.public.de.german.win2000.gruppen_richtlinien)