drdream
May 1st, 2006, 04:52 PM
Ive got a server going live and its been ok for the last 6 months.. Im terrified of hackers and malicious users. One day I noticed a website called whisperingmschat.net had several TCP ports on TIME_WAIT (like a hundred or so).. said the app was ms-sql-s. I blocked SQL Server, reset the windows server and the time_Waits were still there so I started blocking all kinds of stuff. To my surprise everything was working but then glictches started happening..
DIMAC JMail component no longer worked (connection timeout)
Sites with Cold Fusion stopped working
but thats about it.. even though I still noticed the whisperingmschat.net had many TIME_WAIT connections
Im rambling here but basically which of these services should be marked as ALLOWED in my firewall?
Im Running DNS, SQL Server, Web Hosting, Mail on ports 25 and 26, FTP, and SSL (maybe some other basic web services which im forgetting too)
lsass.exe
svchost.exe
dns.exe
inetinfo.exe
ntoskrnl.exe
bmss.exe
php.exe (jmail fails when this is blocked, but php.exe has sometimes had
JRun.exe
many many open connections)
PS. I also have a rule to allow all traffic on IP's assigned to me
DIMAC JMail component no longer worked (connection timeout)
Sites with Cold Fusion stopped working
but thats about it.. even though I still noticed the whisperingmschat.net had many TIME_WAIT connections
Im rambling here but basically which of these services should be marked as ALLOWED in my firewall?
Im Running DNS, SQL Server, Web Hosting, Mail on ports 25 and 26, FTP, and SSL (maybe some other basic web services which im forgetting too)
lsass.exe
svchost.exe
dns.exe
inetinfo.exe
ntoskrnl.exe
bmss.exe
php.exe (jmail fails when this is blocked, but php.exe has sometimes had
JRun.exe
many many open connections)
PS. I also have a rule to allow all traffic on IP's assigned to me