jamessa

asked on

Assistance needed with a computer in our network opening 1000 ports

We have had issues for the past 2 weeks with our internet going in and out, but we could use Yahoo and also stream music. Today we found out that one of the computer systems had 1000 concurrent connections open. They are all open to one IP address. We are scanning it now for viruses and spyware. What could we do to prevent this from happening again? Is there a way to isolate what is causing this?
Les Moore

Install a hardware firewall that can limit concurrent connections.
Add multiple layers of spam/antivirus. Scan inbound and outbound email traffic and keep good AV and anti-spyware on the desktop. Windows Defender is good and free. AVG is a good AV.
Install a URL content filtering appliance like iPrism: http://www.stbernard.com/iPrism
If you have Cisco switches in the LAN you can enable QoS to limit out-of-profile traffic to very low bandwidth, but the real place it gets limited is at the choke point between the switch and the router/firewall.

jamessa

ASKER

I have Dell POE switches.
Dells are inexpensive for a reason. They are feature poor... If your particular model does support QoS I would not be able to tell you how to enable it. The 3800 series does not appear to support QoS.
3400 series marketing fluff says it supports QoS, and I've looked at the User Guide "Configuring Quality of Service". It is quite detailed, but unless you really know what you're doing here it could hurt more than help.
And even if we did get it all configured on the switch, and the connection to the router/firewall is still 100Mb, then the router itself is the bandwidth contention point and the only place that can drop packets, therefore QoS would have to be configured here to match what comes out of the switch.
Yes, it is a very black art to get QoS fully working. I just spent a full week at Cisco Advanced Quality of Service class and I still know just the tip of the iceberg and just enough to at least understand what the user guide is talking about, and just enough to know that I'm no expert and a mis-configured QoS can be very harmful to any network.



jamessa

ASKER

I have 2 3448P switches and I don't think I will attempt to mess with Quality of Service. I have run HijackThis to no avail, and I have run Spybot and it came up with nothing. Ad-Aware came up with 2 interesting dataminers, but I could not find any info on them. I am having VAV do a scan now.
jamessa

ASKER

Sorry I meant to say NAV
jamessa

ASKER

I really don't want to connect this thing to my network now, so the above app is out.
jamessa

ASKER

Is there any way of watching what this thing is doing on my network if I were to put it back on?
ASKER CERTIFIED SOLUTION
Les Moore
This solution is only available to members.
jamessa

ASKER

Well, I have downloaded Active Ports and I do not see anything weird. I connected it to the internet today to run HouseCall. The weird thing is while HouseCall was running it reported that my internet connection was slow. I have a full T1 and don't have a slowdown. Now I know this could also be their servers too, I just thought it was weird. About 30 minutes into running the program the internet went down again. It had the same symptoms as before. Our Yahoo IM stayed up and so did streaming music. I looked at Active Ports and there were not 1000 ports open at all. Also nothing weird? I cannot explain this.
My ISP tech told me we were maxing out our ports yesterday. We are limited to 1500 and this one computer was using 1000+. This explains why Yahoo IM and streaming music stayed up: they already had ports open. Web browsing was only going through when this PC would close some ports. I guess I am left with wiping this computer and starting over. This would have been the easy thing to do; I just wanted to get to the bottom of what or who was doing this. I am still confused as to why this is not showing up on any program used on this computer.
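
An added example, not part of the original thread: one way to isolate which process is behind a flood of connections to a single address is to capture `netstat -ano` on the suspect machine and count sockets per (PID, remote IP). The sample output, addresses, PIDs and the threshold of 200 are constructed assumptions for illustration.

```python
import re
from collections import Counter

# One TCP row of Windows `netstat -ano`: local addr:port, remote addr:port, state, PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")

def parse_netstat(text):
    """Yield (remote_ip, state, pid) per TCP row; headers and LISTENING rows are skipped."""
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        _lip, _lport, rip, _rport, state, pid = m.groups()
        if state == "LISTENING":
            continue
        # SYN_SENT, TIME_WAIT etc. are kept: every row is a local port in use.
        yield rip.strip("[]"), state, int(pid)

def heavy_talkers(text, threshold):
    """Return [(pid, remote_ip, count)] for each process holding at least
    `threshold` connections to one remote address, largest first."""
    counts = Counter((pid, rip) for rip, _state, pid in parse_netstat(text))
    hits = [(pid, rip, n) for (pid, rip), n in counts.items() if n >= threshold]
    return sorted(hits, key=lambda h: -h[2])

def build_sample():
    """Constructed capture: PID 4321 holds 1000 sockets to one address."""
    rows = [
        "Active Connections",
        "",
        "  Proto  Local Address          Foreign Address        State           PID",
        "  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884",
        "  TCP    192.168.1.50:49152     198.51.100.20:5050     ESTABLISHED     2210",
        "  TCP    192.168.1.50:49153     198.51.100.30:443      ESTABLISHED     3012",
    ]
    for i in range(1000):
        state = "SYN_SENT" if i % 4 == 0 else "ESTABLISHED"
        rows.append(f"  TCP    192.168.1.50:{50000 + i}     203.0.113.7:80     {state}     4321")
    return "\n".join(rows)

if __name__ == "__main__":
    for pid, rip, n in heavy_talkers(build_sample(), threshold=200):
        print(f"PID {pid} holds {n} connections to {rip}")
```

On a real capture, pass the saved `netstat -ano` text instead of `build_sample()`, then map the reported PID to an image name with `tasklist /FI "PID eq <pid>"`.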
jamessa

ASKER

Thanks for your help!