Solved

New firewall - slow response - "Inbound UDP" & SQL 1433, 1434 attempts.

Posted on 2004-10-17
6
773 Views
Last Modified: 2016-03-23
Hi,
I have web server with a Linksys router that I only have 1433, 80, & 8080  forwarded.   I loaded a new firewall (TPF 6.0) and now all the web sites are getting terribly slow response and I am getting constant attempts on Inbound UDP and SQL (1433,1434) access attempts - oh, and DLLHOST, too.
All the sites I host are data driven - the data displayed on the sites are from SQL databases.
I have several questions relating to this:
Are the other ports open if they are not being forwarded or do I need to do something else to close them?
Why would a new firewall slow down response time (same product, upgraded version)?
Are the inbound attempts really from hackers/viruses/trojans (etc) or are they legitimate and how can I tell the difference?
How can web users still get the sites to come up if I deny all the inbound access attempts (which I'm doing now)?
Any other thoughts would be appreciated as I'm just trying to learn all I can about hosting before I get wiped out.
Thanks -
0
Comment
Question by:dcass
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 6

Expert Comment

by:Sebo2000
ID: 12336126
Run the simultaneous trace with netmon or ethereal from ethereal.com on that server and the client while you are accessing the page and having the problem. See what is the problem if you sync the time with server then you will have a time line in the trace and be able to see if the linksys is the problem.
0
 
LVL 15

Expert Comment

by:Cyber-Dude
ID: 12337821
Disable ICMP service.

Cyber
0
 

Author Comment

by:dcass
ID: 12342075
Is this how to disable it?
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
The default value of 1 enables ICMP redirects, and 0 disables ICMP redirects.
Will this help speed things up?
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 
LVL 15

Expert Comment

by:Cyber-Dude
ID: 12345623
Yap!

Also, you may harden the server by allowing only needed ports to be opened thus excluding any unneeded traffic. If you wish to have a step-by-step like guide just tell me, leaving the exact server version.

Cyber
0
 

Author Comment

by:dcass
ID: 12345940
Yes I would like to know how and it's W2K server.
Did the above code stop the ICMP and does that help make it more secure?  I've read about it but a plain definition of what ICMP is would help.
0
 
LVL 15

Accepted Solution

by:
Cyber-Dude earned 500 total points
ID: 12346531
It may take you a step further; but theres no way to guarantee full security:

Before starting, check all the ports you want to allow on the server (i.e. Port 80 for http, Port 25 for smtp and forth).

1. Right-click 'My Network Places' => Choose 'Properties' => Right-click 'Local Area Connection' => Choose 'Properties'.
2. Select 'Internet Protocol (TCP/IP)' and click 'Properties' => Click 'Advanced' button.
3. Choose the 'Options' tab.
4. Select 'TCP/IP Filtering' => Click 'Properties'.

Modify your settings over there (the allowed ports).

Restart the server

Cyber

0

Featured Post

Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The related questions "How do I recover the passwords for my Q-See DVR" and "How can I reset my Q-See DVR to eliminate a password" are seen several times a week.  Here we discuss the grim reality of the situation.
Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question