Hi,
I just set up a Win2K server for the first time behind a router. Trying to learn this stuff.
First off, here is what I got
DSL#staticIP# > Router#NAT/DHCP# > [Server + 4 Workstations]
Each of the workstations gets its IP dynamically via DHCP from the router
The Server is assigned a static IP - 192.168.2.128 subnet 255.255.255.0
The rest of the IPs are similar - 192.168.2.24 192.168.2.30 etc etc all 255.255.255.0 subnet
I have Web Server Services Active on the Server, with a single website being hosted. I have it set to host from the server's static IP on port 80. I went to TCP/IP filtering, and set it to allow only port 80.
I went into the router's virtual server configuration (port forwarding) and set all requests to my public IP address at port 80 to forward to the server's internal IP address at port 80. I blocked all UDP traffic.
Firewall services and NAT are active on the router.
OK, so I can hit up my public IP address from a remote location and pull up the website I want to host. That works. The request is getting forwarded to the server correctly.
Yes, the server is patched. I am trying to learn how to work this server, so there are some things I have deliberately not done yet, like set up a software firewall.
The problem is, when I pull up the DOS prompt and run netstat, I find about 30-40 active connections, some TCP, some UDP, some SYN, all on high level ports like 1900, 2100, etc. There was a steady stream of data flowing out of my server. I have pulled the server offline in case it was being used as a zombie.
What other things can I do to lock this server down, and how can I find out more about where these connections are coming from, why they are connected, etc.? Can anybody offer me any advice as to how I can keep this server online without getting hacked into in the first 10 minutes it's online?