Solved

Assistance needed with a computer in our network opening 1000 ports

Posted on 2006-10-24
Last Modified: 2010-03-19
We have had issues for the past 2 weeks with our internet going in and out, but we could use Yahoo and also stream music. Today we found out that one of the computer systems had 1000 concurrent connections open. They are all open to one IP address. We are scanning it now for viruses and spyware. What could we do to prevent this from happening again? Is there a way to isolate what is causing this?
Question by:jamessa

Expert Comment

by:lrmoore
ID: 17798179
Install a hardware firewall that can limit concurrent connections.
Add multiple layers of spam/antivirus. Scan inbound and outbound email traffic and keep good AV and anti-spyware on the desktop. Windows Defender is good and free. AVG is a good AV.
Install a URL content filtering appliance like iPrism http://www.stbernard.com/iPrism

Expert Comment

by:lrmoore
ID: 17798197
If you have Cisco switches in the LAN you can enable QoS to limit out-of-profile traffic to very low bandwidth, but the real place it gets limited is at the choke point between the switch and the router/firewall.


Author Comment

by:jamessa
ID: 17798426
I have Dell POE switches.

Expert Comment

by:lrmoore
ID: 17798549
Dells are inexpensive for a reason. They are feature poor... If your particular model does support QoS I would not be able to tell you how to enable it. The 3800 series does not appear to support QoS.
3400 series marketing fluff says it supports QoS, and I've looked at the User Guide "Configuring Quality of Service". It is quite detailed, but unless you really know what you're doing here it could hurt more than help.
And even if we did get it all configured on the switch, and the connection to the router/firewall is still 100Mb, then the router itself is the bandwidth contention point and the only place that can drop packets, therefore QoS would have to be configured here to match what comes out of the switch.
Yes, it is a very black art to get QoS fully working. I just spent a full week at Cisco Advanced Quality of Service class and I still know just the tip of the iceberg and just enough to at least understand what the user guide is talking about, and just enough to know that I'm no expert and a mis-configured QoS can be very harmful to any network.




Author Comment

by:jamessa
ID: 17798768
I have 2 3448P switches and I don't think I will attempt to mess with Quality of Service. I have run HijackThis to no avail, I have run Spybot and it came up with nothing. Ad-Aware came up with 2 interesting dataminers, but I could not find any info on them. I am having VAV do a scan now.

Author Comment

by:jamessa
ID: 17798780
Sorry, I meant to say NAV.

Expert Comment

by:lrmoore
ID: 17798956
Try HouseCall, too.
http://housecall.trendmicro.com/


Author Comment

by:jamessa
ID: 17799089
I really don't want to connect this thing to my network now, so the above app is out.

Author Comment

by:jamessa
ID: 17799103
Is there any way of watching what this thing is doing on my network if I were to put it back on?

Accepted Solution

by:lrmoore (earned 500 total points)
ID: 17799284
Install ActivePorts and run it live. It'll give you a live picture of every application trying to talk to anyone else.
http://catfangz.net/FreeWare/index.html

Author Comment

by:jamessa
ID: 17805103
Well, I have downloaded ActivePorts and I do not see anything weird. I connected it to the internet today to run HouseCall. The weird thing is while HouseCall was running it reported that my internet connection was slow. I have a full T1 and don't have a slowdown. Now I know this could also be their servers too, I just thought it was weird. About 30 minutes into running the program the internet went down again. It had the same symptoms as before. Our Yahoo IM stayed up and so did streaming music. I looked at ActivePorts and there were not 1000 ports open at all. Also nothing weird? I cannot explain this.
My ISP tech told me we were maxing out our ports yesterday. We are limited to 1500 and this one computer was using 1000+. This explains why Yahoo IM and streaming music stayed up, they already had ports open. Web browsing was only going through when this PC would close some ports. I guess I am left with wiping this computer and starting over. This would have been the easy thing to do, I just wanted to get to the bottom of what or who was doing this. I am still confused as to why this is not showing up on any program used on this computer.

Author Comment

by:jamessa
ID: 17822664
Thanks for your help!
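
The per-application view suggested in the accepted solution, and the 1000+ connections to a single address described in the thread, can also be checked from a saved `netstat -ano` listing. The following is an added example, not part of the original thread: the function names, the threshold of 100 and the sample capture (documentation-range addresses, made-up PIDs) are constructed for illustration.

```python
import re
from collections import Counter

# TCP rows of Windows `netstat -ano` output: Proto, Local, Foreign, State, PID
ROW = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+([A-Z_0-9]+)\s+(\d+)\s*$")

def split_host(endpoint):
    """Return the address part of 'ip:port' or '[ipv6]:port'."""
    host, _, _port = endpoint.rpartition(":")
    return host.strip("[]")

def connection_report(netstat_text, per_remote_limit=100):
    """Count TCP connections per (remote address, PID); flag pairs at or over the limit."""
    pairs = Counter()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, UDP row or blank line
        _local, remote, state, pid = m.groups()
        if state == "LISTENING":
            continue  # a listener has no peer, so it is not an open connection
        pairs[(split_host(remote), int(pid))] += 1
    total = sum(pairs.values())
    flagged = [(ip, pid, n) for (ip, pid), n in pairs.most_common()
               if n >= per_remote_limit]
    return total, flagged

def sample_capture():
    """Constructed listing: PID 1844 holds 1000 connections to one address."""
    rows = [
        "  Proto  Local Address          Foreign Address        State           PID",
        "  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912",
        "  TCP    192.168.1.50:1030      198.51.100.20:5050     ESTABLISHED     2210",
        "  TCP    [fe80::1]:1031         [2001:db8::5]:80       ESTABLISHED     2304",
        "  UDP    0.0.0.0:500            *:*                                    668",
    ]
    rows += [f"  TCP    192.168.1.50:{2000 + i}      203.0.113.7:80         SYN_SENT        1844"
             for i in range(1000)]
    return "\n".join(rows)

if __name__ == "__main__":
    total, flagged = connection_report(sample_capture())
    print(f"{total} TCP connections in the listing")
    for ip, pid, n in flagged:
        print(f"PID {pid} holds {n} connections to {ip}")
```

Save a listing on the host with `netstat -ano > capture.txt` and pass the file's text to `connection_report`; the PID column can then be matched to a process name in Task Manager.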