tabmpierce

asked on

Network ports on firewall filling up ....need help 500 points to the winners

I have just installed a new Windows 2003 server on my network and it has an Exchange 2003 server on it. We are having issues with the network locking up. Basically I think there may be a virus but I am unsure where it could be. What I am seeing on the firewall is that the connections keep building up. Our firewall, a SonicWall 3060 Pro, can handle 130000 connections, then it will start dropping connections. I tried unplugging the new server from the network and watched to see if the connections would die off. But they do not die. However, they do stop going up. If I plug the server back in, the connections start going up...about 100 every 10 seconds. This makes me think that something is trying to talk with the Exchange server over and over, and once it opens a port it keeps it live.

Any ideas on how to troubleshoot my network? How can I locate the source of the problem?

I am placing this in the general networking area because I am unsure where I would place it. I am not sure what is going on.


Thanks
Tab
pseudocyber

Can you look at your firewall logs and see what the traffic is?  If not, throw a sniffer (like ethereal) in front of your server, or your firewall, and examine the traffic.  It sounds STRONGLY like your server is infected.

You could run netstat -an at a command line on the server to see what ports it's opening and listening on.
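
One way to act on the netstat -an suggestion above (an added example, not part of pseudocyber's post): this Python script parses saved `netstat -an` output and tallies TCP states, inbound peers, and the destination ports of connections the server itself opened. The sample output and its addresses are constructed, and treating a connection from a non-listening local port as outbound is a heuristic assumption.

```python
from collections import Counter

# Constructed sample in the Windows `netstat -an` layout; all addresses are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:25        192.168.1.57:1901      ESTABLISHED
  TCP    192.168.1.10:3112      203.0.113.8:445        SYN_SENT
  TCP    192.168.1.10:3113      203.0.113.9:445        SYN_SENT
  TCP    192.168.1.10:3114      198.51.100.20:445      ESTABLISHED
  TCP    192.168.1.10:3115      198.51.100.21:80       TIME_WAIT
  UDP    0.0.0.0:445            *:*
"""


def parse_netstat(text):
    """Yield (proto, local_port, remote_ip, remote_port, state) for each TCP/UDP row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header, blank line
        local_port = fields[1].rpartition(":")[2]
        remote_ip, _, remote_port = fields[2].rpartition(":")
        state = fields[3] if len(fields) > 3 else ""  # UDP rows carry no state
        yield fields[0], local_port, remote_ip, remote_port, state


def summarise(text):
    """Count TCP states, inbound peers, and destination ports of outbound connections."""
    rows = [r for r in parse_netstat(text) if r[0] == "TCP"]
    listening = {r[1] for r in rows if r[4] == "LISTENING"}
    states, inbound_peers, outbound_ports = Counter(), Counter(), Counter()
    for _, local_port, remote_ip, remote_port, state in rows:
        if state == "LISTENING":
            continue
        states[state] += 1
        if local_port in listening:
            inbound_peers[remote_ip] += 1      # a client connected to a server port
        else:
            outbound_ports[remote_port] += 1   # heuristic: this host opened the connection
    return states, inbound_peers, outbound_ports


if __name__ == "__main__":
    states, inbound_peers, outbound_ports = summarise(SAMPLE)
    print("TCP states:", dict(states))
    print("Inbound peers:", inbound_peers.most_common(5))
    print("Outbound destination ports:", outbound_ports.most_common(5))
```

A server that opens many outbound connections to one destination port across many unrelated addresses, or that accumulates half-open states, is the pattern worth comparing against the firewall's connection table.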
ASKER CERTIFIED SOLUTION
pseudocyber

This solution is only available to members.
We had the exact same problem and pseudocyber is right on with how to resolve it. In our case it was a user that was flooding the network with traffic. The Sonicwall then shut the system down as in your case. We used Ethereal (before we knew about Port Reporter) and it quickly found the culprit.

Port Reporter is an incredible tool and it tells you real quickly what ports are open, what the source and destination ports are, as well as the heaviest time it is being used.

It can generate huge logs though. I have seen close to 1GB a day on a 100 node network.
> ports on firewall filling up
> on the firewall is that the connections keep building up.

Initial firewall configuration should be to disable all ports.
Then open the ones worth using.
Ken Conradie

This must be a virus or malware or P2P traffic. Search all the PCs on the LAN for the above.

Check these:

http://www.microsoft.com/security/malwareremove/default.mspx#run
http://www.lavasoftusa.com/software/adaware/
http://housecall.trendmicro.com/

And make sure you uninstall or stop any P2P from sharing files. I recommend uninstalling.
Since you say the server is the likely cause you may want to start with that. And ensure that it is running updated real time antivirus as well.
Updating your virus scanning engines and dat files is certainly the first step. However, it is possible to be among the first to experience a new variant that your virus scanner won't find. Been there, done that.