dcass
asked on
New firewall - slow response - "Inbound UDP" & SQL 1433, 1434 attempts.
Hi,
I have a web server with a Linksys router that I only have 1433, 80, & 8080 forwarded. I loaded a new firewall (TPF 6.0) and now all the web sites are getting terribly slow response and I am getting constant attempts on Inbound UDP and SQL (1433,1434) access attempts - oh, and DLLHOST, too.
All the sites I host are data driven - the data displayed on the sites are from SQL databases.
I have several questions relating to this:
Are the other ports open if they are not being forwarded or do I need to do something else to close them?
Why would a new firewall slow down response time (same product, upgraded version)?
Are the inbound attempts really from hackers/viruses/trojans (etc) or are they legitimate and how can I tell the difference?
How can web users still get the sites to come up if I deny all the inbound access attempts (which I'm doing now)?
Any other thoughts would be appreciated as I'm just trying to learn all I can about hosting before I get wiped out.
Thanks -
Run a simultaneous trace with netmon or Ethereal (from ethereal.com) on that server and the client while you are accessing the page and having the problem. See what the problem is; if you sync the time with the server, then you will have a timeline in the trace and be able to see if the Linksys is the problem.
Disable ICMP service.
Cyber
ASKER
Is this how to disable it?
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
The default value of 1 enables ICMP redirects, and 0 disables ICMP redirects.
Will this help speed things up?
Yap!
Also, you may harden the server by allowing only needed ports to be opened thus excluding any unneeded traffic. If you wish to have a step-by-step like guide just tell me, leaving the exact server version.
Cyber
ASKER
Yes I would like to know how and it's W2K server.
Did the above code stop the ICMP and does that help make it more secure? I've read about it but a plain definition of what ICMP is would help.
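The simultaneous-trace advice earlier in this thread, worked through as an added example (not code from any poster): with both clocks synced, matching the same packets in the client and server captures splits a slow page load into inbound path time, server time and return path time. The trace format, sample lines and function names are constructed assumptions; real netmon or Ethereal exports need their own parser.

```python
from datetime import datetime

# Constructed sample lines (not real netmon/Ethereal output):
# time, direction (C=client, S=server), TCP sequence number, summary.
CLIENT_TRACE = """\
12:00:01.100 C>S seq=1001 GET /page.asp
12:00:04.950 S>C seq=5001 HTTP/1.1 200 OK
12:00:06.000 C>S seq=2001 GET /other.asp
"""
SERVER_TRACE = """\
12:00:01.140 C>S seq=1001 GET /page.asp
12:00:04.900 S>C seq=5001 HTTP/1.1 200 OK
"""

def parse(trace):
    """Map (direction, seq) -> capture time for every line of a trace."""
    seen = {}
    for line in trace.splitlines():
        stamp, direction, seq = line.split()[:3]
        seen[(direction, seq)] = datetime.strptime(stamp, "%H:%M:%S.%f")
    return seen

def locate_delay(client_trace, server_trace, request_seq, response_seq):
    """Split one request/response into path-in, server and path-out time.

    Only meaningful when both machines' clocks are synced beforehand.
    """
    c, s = parse(client_trace), parse(server_trace)
    req, resp = ("C>S", request_seq), ("S>C", response_seq)
    if req not in c:
        raise KeyError("request not in client trace")
    if req not in s:
        # Sent by the client but never captured on the server:
        # it was dropped somewhere in between (router or firewall).
        return {"verdict": "request never reached server"}
    if resp not in s or resp not in c:
        return {"verdict": "response missing from a trace"}
    legs = {
        "path_in": (s[req] - c[req]).total_seconds(),
        "server": (s[resp] - s[req]).total_seconds(),
        "path_out": (c[resp] - s[resp]).total_seconds(),
    }
    legs["verdict"] = max(("path_in", "server", "path_out"), key=legs.get)
    return legs

if __name__ == "__main__":
    print(locate_delay(CLIENT_TRACE, SERVER_TRACE, "seq=1001", "seq=5001"))
    print(locate_delay(CLIENT_TRACE, SERVER_TRACE, "seq=2001", "seq=5002"))
```

A `server` verdict points at the web server or its local firewall, while a large `path_in` or `path_out` points at the network between the two capture points, which here includes the Linksys.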