• Status: Solved
  • Priority: Medium

Assistance needed with a computer in our network opening 1000 ports

We have had issues for the past 2 weeks with our internet going in and out, but we could use Yahoo and also stream music. Today we found out that one of the computer systems had 1000 concurrent connections open. They are all open to one IP address. We are scanning it now for viruses and spyware. What could we do to prevent this from happening again? Is there a way to isolate what is causing this?
Asked by: jamessa

1 Solution
 
lrmoore Commented:
Install a hardware firewall that can limit concurrent connections.
Add multiple layers of spam/antivirus. Scan inbound and outbound email traffic and keep good AV and anti-spyware on the desktop. Windows Defender is good and free. AVG is a good AV.
Install a URL content filtering appliance like iPrism: http://www.stbernard.com/iPrism
 
lrmoore Commented:
If you have Cisco switches in the LAN you can enable QoS to limit out-of-profile traffic to very low bandwidth, but the real place it gets limited is at the choke point between the switch and the router/firewall.

jamessa (Author) Commented:
I have Dell POE switches.
 
lrmoore Commented:
Dells are inexpensive for a reason. They are feature-poor... If your particular model does support QoS I would not be able to tell you how to enable it. The 3800 series does not appear to support QoS.
3400 series marketing fluff says it supports QoS, and I've looked at the User Guide "Configuring Quality of Service". It is quite detailed, but unless you really know what you're doing here it could hurt more than help.
And even if we did get it all configured on the switch, and the connection to the router/firewall is still 100Mb, then the router itself is the bandwidth contention point and the only place that can drop packets, therefore QoS would have to be configured here to match what comes out of the switch.
Yes, it is a very black art to get QoS fully working. I just spent a full week at a Cisco Advanced Quality of Service class and I still know just the tip of the iceberg and just enough to at least understand what the user guide is talking about, and just enough to know that I'm no expert and a misconfigured QoS can be very harmful to any network.
 
jamessa (Author) Commented:
I have 2 3448P switches and I don't think I will attempt to mess with Quality of Service. I have run HijackThis to no avail, I have run Spybot and it came up with nothing. Ad-Aware came up with 2 interesting dataminers, but I could not find any info on them. I am having VAV do a scan now.
 
jamessa (Author) Commented:
Sorry, I meant to say NAV.
 
lrmoore Commented:
Try HouseCall, too:
http://housecall.trendmicro.com/
 
jamessa (Author) Commented:
I really don't want to connect this thing to my network now, so the above app is out.
 
jamessa (Author) Commented:
Is there any way of watching what this thing is doing on my network if I were to put it back on?
 
lrmoore Commented:
Install ActivePorts and run it live. It'll give you a live picture of every application trying to talk to anyone else.
http://catfangz.net/FreeWare/index.html
 
jamessa (Author) Commented:
Well, I have downloaded ActivePorts and I do not see anything weird. I connected it to the internet today to run HouseCall. The weird thing is while HouseCall was running it reported that my internet connection was slow. I have a full T1 and don't have a slowdown. Now I know this could also be their servers too, I just thought it was weird. About 30 minutes into running the program the internet went down again. It had the same symptoms as before. Our Yahoo IM stayed up and so did streaming music. I looked at ActivePorts and there were not 1000 ports open at all. Also nothing weird? I cannot explain this.
My ISP tech told me we were maxing out our ports yesterday. We are limited to 1500 and this one computer was using 1000+. This explains why Yahoo IM and streaming music stayed up, they already had ports open. Web browsing was only going through when this PC would close some ports. I guess I am left with wiping this computer and starting over. This would have been the easy thing to do, I just wanted to get to the bottom of what or who was doing this. I am still confused as to why this is not showing up on any program used on this computer.
 
jamessa (Author) Commented:
Thanks for your help!
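
Added example (not part of the original thread, and not any poster's code): one way to isolate the cause of the symptom described above is to group the rows of Windows `netstat -ano` output by owning PID and remote address, then flag any pair holding an outsized share of the connection budget. The sample output, PIDs, addresses and the 100-per-peer threshold are constructed assumptions; 1500 is the limit the ISP quoted in the thread.

```python
from collections import Counter

def build_sample(n_suspect=1000):
    """Constructed text in the column layout of Windows `netstat -ano`.
    Addresses are documentation ranges and the PIDs are made up."""
    lines = [
        "Active Connections",
        "",
        "  Proto  Local Address          Foreign Address        State           PID",
        "  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880",
        "  TCP    192.168.1.23:1040      198.51.100.7:5050      ESTABLISHED     2104",
        "  TCP    192.168.1.23:1041      198.51.100.9:80        TIME_WAIT       0",
        "  UDP    0.0.0.0:123            *:*                                    1012",
    ]
    for i in range(n_suspect):  # one process fanning out to a single peer
        lines.append(f"  TCP    192.168.1.23:{2000 + i}      "
                     f"203.0.113.50:443       ESTABLISHED     3316")
    return "\n".join(lines)

def parse_netstat(text):
    """Yield (remote_ip, remote_port, state, pid) for each non-listening TCP row."""
    for line in text.splitlines():
        f = line.split()
        # TCP rows have 5 columns; UDP rows have no State column and are skipped.
        if len(f) != 5 or f[0] != "TCP" or f[3] == "LISTENING":
            continue
        host, _, port = f[2].rpartition(":")  # rpartition keeps IPv6 colons intact
        yield host.strip("[]"), int(port), f[3], int(f[4])

def fan_out(text, per_peer_limit=100, table_limit=1500):
    """Count connections per (PID, remote IP) and flag heavy pairs.
    per_peer_limit is an assumed threshold; table_limit is the ISP's figure."""
    rows = list(parse_netstat(text))
    per_peer = Counter((pid, ip) for ip, _port, _state, pid in rows)
    flagged = [(pid, ip, n) for (pid, ip), n in per_peer.most_common()
               if n >= per_peer_limit]
    return {"total": len(rows),
            "share_of_limit": len(rows) / table_limit,
            "flagged": flagged}

if __name__ == "__main__":
    report = fan_out(build_sample())
    print(f"{report['total']} TCP connections "
          f"({report['share_of_limit']:.0%} of the 1500 limit)")
    for pid, ip, n in report["flagged"]:
        print(f"PID {pid} holds {n} connections to {ip}")
```

On the live machine, pass in the text captured from `netstat -ano` and map a flagged PID to its process with `tasklist /FI "PID eq <pid>"`. If the host's own view shows nothing while the upstream device still reports the connections, run the same count against the router or firewall connection table instead.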