Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 803
  • Last Modified:

New firewall - slow response - "Inbound UDP" & SQL 1433, 1434 attempts.

Hi,
I have web server with a Linksys router that I only have 1433, 80, & 8080  forwarded.   I loaded a new firewall (TPF 6.0) and now all the web sites are getting terribly slow response and I am getting constant attempts on Inbound UDP and SQL (1433,1434) access attempts - oh, and DLLHOST, too.
All the sites I host are data driven - the data displayed on the sites are from SQL databases.
I have several questions relating to this:
Are the other ports open if they are not being forwarded or do I need to do something else to close them?
Why would a new firewall slow down response time (same product, upgraded version)?
Are the inbound attempts really from hackers/viruses/trojans (etc) or are they legitimate and how can I tell the difference?
How can web users still get the sites to come up if I deny all the inbound access attempts (which I'm doing now)?
Any other thoughts would be appreciated as I'm just trying to learn all I can about hosting before I get wiped out.
Thanks -
0
dcass
Asked:
dcass
  • 3
  • 2
1 Solution
 
Sebo2000Commented:
Run the simultaneous trace with netmon or ethereal from ethereal.com on that server and the client while you are accessing the page and having the problem. See what is the problem if you sync the time with server then you will have a time line in the trace and be able to see if the linksys is the problem.
0
 
Cyber-DudeCommented:
Disable ICMP service.

Cyber
0
 
dcassAuthor Commented:
Is this how to disable it?
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
The default value of 1 enables ICMP redirects, and 0 disables ICMP redirects.
Will this help speed things up?
0
Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

 
Cyber-DudeCommented:
Yap!

Also, you may harden the server by allowing only needed ports to be opened thus excluding any unneeded traffic. If you wish to have a step-by-step like guide just tell me, leaving the exact server version.

Cyber
0
 
dcassAuthor Commented:
Yes I would like to know how and it's W2K server.
Did the above code stop the ICMP and does that help make it more secure?  I've read about it but a plain definition of what ICMP is would help.
0
 
Cyber-DudeCommented:
It may take you a step further; but theres no way to guarantee full security:

Before starting, check all the ports you want to allow on the server (i.e. Port 80 for http, Port 25 for smtp and forth).

1. Right-click 'My Network Places' => Choose 'Properties' => Right-click 'Local Area Connection' => Choose 'Properties'.
2. Select 'Internet Protocol (TCP/IP)' and click 'Properties' => Click 'Advanced' button.
3. Choose the 'Options' tab.
4. Select 'TCP/IP Filtering' => Click 'Properties'.

Modify your settings over there (the allowed ports).

Restart the server

Cyber

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now