Solved

New firewall - slow response - "Inbound UDP" & SQL 1433, 1434 attempts.

Posted on 2004-10-17
6
756 Views
Last Modified: 2016-03-23
Hi,
I have web server with a Linksys router that I only have 1433, 80, & 8080  forwarded.   I loaded a new firewall (TPF 6.0) and now all the web sites are getting terribly slow response and I am getting constant attempts on Inbound UDP and SQL (1433,1434) access attempts - oh, and DLLHOST, too.
All the sites I host are data driven - the data displayed on the sites are from SQL databases.
I have several questions relating to this:
Are the other ports open if they are not being forwarded or do I need to do something else to close them?
Why would a new firewall slow down response time (same product, upgraded version)?
Are the inbound attempts really from hackers/viruses/trojans (etc) or are they legitimate and how can I tell the difference?
How can web users still get the sites to come up if I deny all the inbound access attempts (which I'm doing now)?
Any other thoughts would be appreciated as I'm just trying to learn all I can about hosting before I get wiped out.
Thanks -
0
Comment
Question by:dcass
  • 3
  • 2
6 Comments
 
LVL 6

Expert Comment

by:Sebo2000
Comment Utility
Run the simultaneous trace with netmon or ethereal from ethereal.com on that server and the client while you are accessing the page and having the problem. See what is the problem if you sync the time with server then you will have a time line in the trace and be able to see if the linksys is the problem.
0
 
LVL 15

Expert Comment

by:Cyber-Dude
Comment Utility
Disable ICMP service.

Cyber
0
 

Author Comment

by:dcass
Comment Utility
Is this how to disable it?
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
The default value of 1 enables ICMP redirects, and 0 disables ICMP redirects.
Will this help speed things up?
0
Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

 
LVL 15

Expert Comment

by:Cyber-Dude
Comment Utility
Yap!

Also, you may harden the server by allowing only needed ports to be opened thus excluding any unneeded traffic. If you wish to have a step-by-step like guide just tell me, leaving the exact server version.

Cyber
0
 

Author Comment

by:dcass
Comment Utility
Yes I would like to know how and it's W2K server.
Did the above code stop the ICMP and does that help make it more secure?  I've read about it but a plain definition of what ICMP is would help.
0
 
LVL 15

Accepted Solution

by:
Cyber-Dude earned 500 total points
Comment Utility
It may take you a step further; but theres no way to guarantee full security:

Before starting, check all the ports you want to allow on the server (i.e. Port 80 for http, Port 25 for smtp and forth).

1. Right-click 'My Network Places' => Choose 'Properties' => Right-click 'Local Area Connection' => Choose 'Properties'.
2. Select 'Internet Protocol (TCP/IP)' and click 'Properties' => Click 'Advanced' button.
3. Choose the 'Options' tab.
4. Select 'TCP/IP Filtering' => Click 'Properties'.

Modify your settings over there (the allowed ports).

Restart the server

Cyber

0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Join & Write a Comment

Suggested Solutions

Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now