?
Solved

New firewall - slow response - "Inbound UDP" & SQL 1433, 1434 attempts.

Posted on 2004-10-17
6
Medium Priority
?
782 Views
Last Modified: 2016-03-23
Hi,
I have web server with a Linksys router that I only have 1433, 80, & 8080  forwarded.   I loaded a new firewall (TPF 6.0) and now all the web sites are getting terribly slow response and I am getting constant attempts on Inbound UDP and SQL (1433,1434) access attempts - oh, and DLLHOST, too.
All the sites I host are data driven - the data displayed on the sites are from SQL databases.
I have several questions relating to this:
Are the other ports open if they are not being forwarded or do I need to do something else to close them?
Why would a new firewall slow down response time (same product, upgraded version)?
Are the inbound attempts really from hackers/viruses/trojans (etc) or are they legitimate and how can I tell the difference?
How can web users still get the sites to come up if I deny all the inbound access attempts (which I'm doing now)?
Any other thoughts would be appreciated as I'm just trying to learn all I can about hosting before I get wiped out.
Thanks -
0
Comment
Question by:dcass
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 6

Expert Comment

by:Sebo2000
ID: 12336126
Run the simultaneous trace with netmon or ethereal from ethereal.com on that server and the client while you are accessing the page and having the problem. See what is the problem if you sync the time with server then you will have a time line in the trace and be able to see if the linksys is the problem.
0
 
LVL 15

Expert Comment

by:Cyber-Dude
ID: 12337821
Disable ICMP service.

Cyber
0
 

Author Comment

by:dcass
ID: 12342075
Is this how to disable it?
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
The default value of 1 enables ICMP redirects, and 0 disables ICMP redirects.
Will this help speed things up?
0
Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

 
LVL 15

Expert Comment

by:Cyber-Dude
ID: 12345623
Yap!

Also, you may harden the server by allowing only needed ports to be opened thus excluding any unneeded traffic. If you wish to have a step-by-step like guide just tell me, leaving the exact server version.

Cyber
0
 

Author Comment

by:dcass
ID: 12345940
Yes I would like to know how and it's W2K server.
Did the above code stop the ICMP and does that help make it more secure?  I've read about it but a plain definition of what ICMP is would help.
0
 
LVL 15

Accepted Solution

by:
Cyber-Dude earned 2000 total points
ID: 12346531
It may take you a step further; but theres no way to guarantee full security:

Before starting, check all the ports you want to allow on the server (i.e. Port 80 for http, Port 25 for smtp and forth).

1. Right-click 'My Network Places' => Choose 'Properties' => Right-click 'Local Area Connection' => Choose 'Properties'.
2. Select 'Internet Protocol (TCP/IP)' and click 'Properties' => Click 'Advanced' button.
3. Choose the 'Options' tab.
4. Select 'TCP/IP Filtering' => Click 'Properties'.

Modify your settings over there (the allowed ports).

Restart the server

Cyber

0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others.  This conference is aimed mainly at government agencies.  So it addresses the various compli…
A look at what happened in the Verizon cloud breach.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses
Course of the Month11 days, 12 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question