Solved

New firewall - slow response - "Inbound UDP" & SQL 1433, 1434 attempts.

Posted on 2004-10-17
6
771 Views
Last Modified: 2016-03-23
Hi,
I have web server with a Linksys router that I only have 1433, 80, & 8080  forwarded.   I loaded a new firewall (TPF 6.0) and now all the web sites are getting terribly slow response and I am getting constant attempts on Inbound UDP and SQL (1433,1434) access attempts - oh, and DLLHOST, too.
All the sites I host are data driven - the data displayed on the sites are from SQL databases.
I have several questions relating to this:
Are the other ports open if they are not being forwarded or do I need to do something else to close them?
Why would a new firewall slow down response time (same product, upgraded version)?
Are the inbound attempts really from hackers/viruses/trojans (etc) or are they legitimate and how can I tell the difference?
How can web users still get the sites to come up if I deny all the inbound access attempts (which I'm doing now)?
Any other thoughts would be appreciated as I'm just trying to learn all I can about hosting before I get wiped out.
Thanks -
0
Comment
Question by:dcass
  • 3
  • 2
6 Comments
 
LVL 6

Expert Comment

by:Sebo2000
ID: 12336126
Run the simultaneous trace with netmon or ethereal from ethereal.com on that server and the client while you are accessing the page and having the problem. See what is the problem if you sync the time with server then you will have a time line in the trace and be able to see if the linksys is the problem.
0
 
LVL 15

Expert Comment

by:Cyber-Dude
ID: 12337821
Disable ICMP service.

Cyber
0
 

Author Comment

by:dcass
ID: 12342075
Is this how to disable it?
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
The default value of 1 enables ICMP redirects, and 0 disables ICMP redirects.
Will this help speed things up?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 15

Expert Comment

by:Cyber-Dude
ID: 12345623
Yap!

Also, you may harden the server by allowing only needed ports to be opened thus excluding any unneeded traffic. If you wish to have a step-by-step like guide just tell me, leaving the exact server version.

Cyber
0
 

Author Comment

by:dcass
ID: 12345940
Yes I would like to know how and it's W2K server.
Did the above code stop the ICMP and does that help make it more secure?  I've read about it but a plain definition of what ICMP is would help.
0
 
LVL 15

Accepted Solution

by:
Cyber-Dude earned 500 total points
ID: 12346531
It may take you a step further; but theres no way to guarantee full security:

Before starting, check all the ports you want to allow on the server (i.e. Port 80 for http, Port 25 for smtp and forth).

1. Right-click 'My Network Places' => Choose 'Properties' => Right-click 'Local Area Connection' => Choose 'Properties'.
2. Select 'Internet Protocol (TCP/IP)' and click 'Properties' => Click 'Advanced' button.
3. Choose the 'Options' tab.
4. Select 'TCP/IP Filtering' => Click 'Properties'.

Modify your settings over there (the allowed ports).

Restart the server

Cyber

0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
If you are looking at this article, you have most likely been hit by some version of ransomware and are trying to find out if there is anything you can do, or what way you should react - READ ON!
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

827 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question