Solved

Assistance needed with a computer in our network opening a 1000 ports

Posted on 2006-10-24
Last Modified: 2010-03-19
We have had issues for the past 2 weeks with our internet going in and out, but we could use Yahoo and also stream music. Today we found out that one of the computer systems had 1000 concurrent connections open. They are all open to one IP address. We are scanning it now for viruses and spyware. What could we do to prevent this from happening again? Is there a way to isolate what is causing this?
Question by:jamessa
12 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 17798179
Install a hardware firewall that can limit concurrent connections
Add multiple layers of spam/antivirus. Scan inbound and outbound email traffic and keep good AV and anti spyware on the desktop. Windows Defender is good and free. AVG is a good AV
Install a URL content filtering appliance like iPrism http://www.stbernard.com/iPrism
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 17798197
If you have Cisco switches in the LAN you can enable QoS to limit out-of-profile traffic to very low bandwidth, but the real place it gets limited is at the choke point between the switch and the router/firewall.

0
 

Author Comment

by:jamessa
ID: 17798426
I have Dell POE switches.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 17798549
Dells are inexpensive for a reason. They are feature poor... If your particular model does support QoS I would not be able to tell you how to enable it. The 3800 series does not appear to support QoS.
3400 series marketing fluff says it supports QoS, and I've looked at the User Guide "Configuring Quality of Service". It is quite detailed, but unless you really know what you're doing here it could hurt more than help.
And even if we did get it all configured on the switch, and the connection to the router/firewall is still 100Mb, then the router itself is the bandwidth contention point and the only place that can drop packets, therefore QoS would have to be configured here to match what comes out of the switch.
Yes, it is a very black art to get QoS fully working. I just spent a full week at Cisco Advanced Quality of Service class and I still know just the tip of the iceberg and just enough to at least understand what the user guide is talking about, and just enough to know that I'm no expert and a mis-configured QoS can be very harmful to any network.



0
 

Author Comment

by:jamessa
ID: 17798768
I have 2 3448P switches and I don't think I will attempt to mess with Quality of Service. I have run HijackThis to no avail, I have run Spybot and it came up with nothing. Ad-Aware came up with 2 interesting dataminers, but I could not find any info on them. I am having VAV do a scan now.
0
 

Author Comment

by:jamessa
ID: 17798780
Sorry I meant to say NAV
0

 
LVL 79

Expert Comment

by:lrmoore
ID: 17798956
Try HouseCall, too.
http://housecall.trendmicro.com/

0
 

Author Comment

by:jamessa
ID: 17799089
I really don't want to connect this thing to my network now so the above app is out.
0
 

Author Comment

by:jamessa
ID: 17799103
Is there any way of watching what this thing is doing on my network if I were to put it back on?
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 17799284
Install ActivePorts and run it live. It'll give you a live picture of every application trying to talk to anyone else.
http://catfangz.net/FreeWare/index.html
0
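An added example, not part of the thread and not ActivePorts' own code: the per-application connection view suggested above can also be taken from saved `netstat -ano` output and counted per remote address and owning PID, so a burst of connections to one IP like the one in the question stands out. The sample rows, addresses, PIDs and the threshold are constructed for illustration.

```python
import re
from collections import Counter

# One TCP row of Windows `netstat -ano`: proto, local, foreign, state, PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")

def parse_netstat(text):
    """Return (remote_ip, remote_port, state, pid) for each non-listening TCP row."""
    conns = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, UDP rows, blank lines
        _lip, _lport, rip, rport, state, pid = m.groups()
        if state == "LISTENING":
            continue  # listeners have no remote peer
        conns.append((rip, int(rport), state, int(pid)))
    return conns

def concentrations(conns, threshold):
    """(remote_ip, pid, count) for each remote/PID pair at or above threshold, largest first."""
    counts = Counter((rip, pid) for rip, _port, _state, pid in conns)
    return [(rip, pid, n) for (rip, pid), n in counts.most_common() if n >= threshold]

def build_sample(burst=40):
    """Constructed input: a few ordinary rows plus `burst` connections to one address."""
    rows = [
        "  Proto  Local Address          Foreign Address        State           PID",
        "  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880",
        "  TCP    192.168.1.50:1034      198.51.100.7:80        ESTABLISHED     1412",
        "  TCP    192.168.1.50:1035      198.51.100.7:80        TIME_WAIT       0",
        "  UDP    0.0.0.0:500            *:*                                    704",
    ]
    rows += [
        f"  TCP    192.168.1.50:{2000 + i}      203.0.113.9:80         ESTABLISHED     2296"
        for i in range(burst)
    ]
    return "\n".join(rows)

if __name__ == "__main__":
    conns = parse_netstat(build_sample())
    print(f"{len(conns)} TCP connections in capture")
    for rip, pid, n in concentrations(conns, threshold=20):
        print(f"{n} connections to {rip} owned by PID {pid}")
```

Capturing the output to a file at intervals and running the count on each capture shows whether the burst comes and goes, which a single look at a live view can miss.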
 

Author Comment

by:jamessa
ID: 17805103
Well I have downloaded ActivePorts and I do not see anything weird. I connected it to the internet today to run HouseCall. The weird thing is while HouseCall was running it reported that my internet connection was slow. I have a full T1 and don't have a slow down. Now I know this could also be their servers too, I just thought it was weird. About 30 minutes into running the program the internet went down again. It had the same symptoms as before. Our Yahoo IM stayed up and so did streaming music. I looked at ActivePorts and there were not 1000 ports open at all. Also nothing weird? I cannot explain this.
My ISP tech told me we were maxing out our ports yesterday. We are limited to 1500 and this one computer was using 1000+. This explains why Yahoo IM and streaming music stayed up, they already had ports open. Web browsing was only going through when this PC would close some ports. I guess I am left with wiping this computer and starting over. This would have been the easy thing to do, I just wanted to get to the bottom of what or who was doing this. I am still confused as to why this is not showing up on any program used on this computer.
0
 

Author Comment

by:jamessa
ID: 17822664
Thanks for your help!
0
