Logging Bandwidth Usage

Hi

I have a client that has a dedicated server that has recently come under attack. The ports being hit seem to be the SQL ports and are generating high volumes of traffic. The server is running Windows Server 2000 and has Sygate as a firewall.

What I would like to find is a bandwidth analysis app that logs exactly where all the bandwidth is being used and preferably catches IPs too. Does anyone have any suggestions?

Thanks
 
I am not aware of any good ones for Windows ... but if it is for Linux you can set up iptables to give you all the information you need (per machine, port, in/out etc).

Generally it is a really bad idea to have an SQL server exposed to the outside; usually only the web server is exposed, the DB server is behind a heavy firewall, and all access goes through the web server ...
 
Hmm my suggestion would be a decent clean (anti-virus, check services and programs on startup, anti-spyware) etc... to begin with.
 
DFantom said:
Hmm my suggestion would be a decent clean (anti-virus, check services and programs on startup, anti-spyware) etc... to begin with.
And my suggestion is switch to Linux :-)

Windowze is a great OS for kids, home use and entertainment, but when it comes to serious stuff (especially servers) it sucks, so ...
 
James said:
Hi

I have a client that has a dedicated server that has recently come under attack. The ports being hit seem to be the SQL ports and are generating high volumes of traffic. The server is running Windows Server 2000 and has Sygate as a firewall.

What I would like to find is a bandwidth analysis app that logs exactly where all the bandwidth is being used and preferably catches IPs too. Does anyone have any suggestions?

Thanks

As others have suggested - BWMeter, DUMeter or Netmeter.
Grab TCPView from www.sysinternals.com to see who's connecting to what application (and vice versa).

I agree with the other poster above that you should not be exposing SQL server to direct connections from the Net. Doesn't matter if you have a firewall running - if you're allowing connections through the firewall, it's trivial to perform some SQL injection attacks to gain administrative control of your SQL server.

If the SQL server has not been patched and secured (locked down), then chances are high that it has already been compromised (possibly using a stored procedure like xp_cmdshell). Take the SQL server offline immediately and audit the SQL logs.

Cheers
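The thread asks for two things that can be checked from a connection log without any extra product: where the bytes are going (per remote IP and per local port, in and out) and whether anything outside the LAN is reaching the SQL Server listener ports. The script below is an added example, not code from any poster or from Sygate; the log format is constructed for the example (space-separated timestamp, action, direction, protocol, source, source port, destination, destination port, byte count) and is not Sygate's real log layout. The SQL ports (1433/tcp engine, 1434/udp resolution service) are the SQL Server 2000 defaults; the RFC 1918 check is used instead of Python's `is_private`, because `is_private` also treats the documentation ranges used in the sample as private.

```python
"""Per-IP / per-port traffic accounting from a firewall connection log, plus a
check for allowed inbound hits on SQL Server ports from non-RFC1918 addresses.

Added example for this thread; not from any poster. Log format is constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Tuple

# SQL Server 2000 defaults: engine on 1433/tcp, resolution service on 1434/udp.
SQL_PORTS = {("tcp", 1433), ("udp", 1434)}

# RFC 1918 ranges only. ipaddress.is_private would also flag the 192.0.2/24,
# 198.51.100/24 and 203.0.113/24 documentation ranges used in the sample log.
RFC1918_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
                ip_network("192.168.0.0/16")]

# Constructed sample: the server is 192.0.2.10; direction is relative to it.
SAMPLE_LOG = """\
2004-05-26 10:00:01 ALLOW IN tcp 203.0.113.7 51234 192.0.2.10 1433 4096
2004-05-26 10:00:02 ALLOW IN tcp 203.0.113.7 51235 192.0.2.10 1433 4096
2004-05-26 10:00:02 ALLOW IN udp 198.51.100.22 40000 192.0.2.10 1434 512
2004-05-26 10:00:03 ALLOW IN tcp 198.51.100.9 44444 192.0.2.10 80 1500
2004-05-26 10:00:04 ALLOW OUT tcp 192.0.2.10 1433 203.0.113.7 51234 65536
2004-05-26 10:00:05 BLOCK IN tcp 203.0.113.7 51236 192.0.2.10 1433 0
2004-05-26 10:00:06 ALLOW IN tcp 10.0.0.5 3000 192.0.2.10 1433 2048
"""


@dataclass(frozen=True)
class Record:
    action: str      # ALLOW or BLOCK
    direction: str   # IN or OUT, relative to the server
    proto: str       # tcp or udp
    remote_ip: str   # the other end of the connection
    local_port: int  # the server-side port
    nbytes: int


def is_rfc1918(addr: str) -> bool:
    ip = ip_address(addr)
    return any(ip in net for net in RFC1918_NETS)


def parse_log(text: str) -> List[Record]:
    """Parse the constructed log format; malformed lines are skipped, not fatal."""
    records: List[Record] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 10:
            continue
        _date, _time, action, direction, proto, src, sport, dst, dport, nbytes = parts
        # Normalise so that remote_ip/local_port mean the same thing for IN and OUT.
        if direction == "IN":
            remote_ip, local_port = src, int(dport)
        else:
            remote_ip, local_port = dst, int(sport)
        records.append(Record(action, direction, proto.lower(), remote_ip, local_port, int(nbytes)))
    return records


def bytes_by_remote_and_port(records: List[Record]) -> Dict[Tuple[str, int, str], int]:
    """Bytes keyed by (remote IP, local port, direction): the 'where is it going' view."""
    totals: Dict[Tuple[str, int, str], int] = defaultdict(int)
    for r in records:
        totals[(r.remote_ip, r.local_port, r.direction)] += r.nbytes
    return dict(totals)


def top_talkers(records: List[Record], n: int = 3) -> List[Tuple[str, int]]:
    """Remote IPs ranked by total bytes in both directions."""
    per_ip: Dict[str, int] = defaultdict(int)
    for r in records:
        per_ip[r.remote_ip] += r.nbytes
    return sorted(per_ip.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


def external_sql_hits(records: List[Record]) -> Dict[str, int]:
    """Allowed inbound connections to SQL ports from outside RFC 1918 space.

    Any non-zero result means the SQL listener is reachable from the Internet,
    which is the exposure the thread warns about. Blocked attempts are excluded.
    """
    hits: Dict[str, int] = defaultdict(int)
    for r in records:
        if r.direction != "IN" or r.action != "ALLOW":
            continue
        if (r.proto, r.local_port) not in SQL_PORTS or is_rfc1918(r.remote_ip):
            continue
        hits[r.remote_ip] += 1
    return dict(hits)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for key, total in sorted(bytes_by_remote_and_port(recs).items()):
        print(f"{key[0]:>15} port {key[1]:<5} {key[2]:<3} {total:>8} bytes")
    print("top talkers:", top_talkers(recs))
    print("external SQL hits:", external_sql_hits(recs))
```

The same approach works on any firewall or netflow-style export once the field order is adjusted in `parse_log`; on the real box, the `external_sql_hits` result is the quick answer to whether the "firewall" is actually letting the SQL port through.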
 
swordfish1 said:
And my suggestion is switch to Linux :-)

Windowze is a great OS for kids, home use and entertainment, but when it comes to serious stuff (especially servers) it sucks, so ...

As well as being the most useless comment of the thread, your comment implies that most of the Fortune 500 companies are run by a bunch of kids... well they're pretty rich kids compared to you :rolleyes:
 
I'm not just talking about web servers, I'm talking holistically; including domain servers, database servers, mail servers and groupware servers (even desktop though in this regard one can expect they all mainly use Windows 2000/XP).

My point was that stating Windows is just for kids and implying it can't handle any serious tasks just shows an underlying lack of knowledge and extreme bias (which one would expect from a zealot in either the Linux or MS camp). Personally I feel there is a place for both and anyone stating either is "just for kids" really cannot be taken seriously. In fact I shouldn't have replied to this thread to feed the trolls ;)
 
swordfish1 said:
Windowze is great OS for kids, home use and entertainment, but when it comes to serious stuff (especially servers) it sucks, so ...

You clearly are rather clueless when it comes to I.T matters ... keep on reading S.A computer buyer for your wisdom :).

I know of a Windows powered EFT switch that handles a few BILLION Rands worth of card transactions per year.
 
Ummm, let's rather focus on what practical steps can be taken right now to get that M$SQL db secured - rather than fighting over which is/isn't best practice & most commonly used by the Fortune 500...

James, like others have posted, having that Windoze machine directly connected to the net is a really bad idea, and Sygate is not going to protect against flaws in Windoze itself, as well as flaws in M$SQL...

The machine is no doubt compromised, take it offline, back up everything, preferably get another disk & install everything from scratch - no point trying to migrate to Linux & MySQL now - consider doing that another time... On the reinstallation disk, install the M$ Baseline Security Analyzer, and run it, then fix everything it tells you is a security risk [it will tell you about the M$SQL Lockdown tool as well as Windows Update hotfixes etc etc etc], ensure that you have NTFS partitions & enable the auditing policy, then make sure that key folders are audited in Windows 2000 - Properties>Security tab...

I also suggest that you have a look at the customer's router, and if it has a built-in firewall make sure that's enabled & has the latest firmware & is locked down to prevent external control of the router itself... test the setup - run port scans... If the router doesn't have a built-in firewall, then try putting a Linux based software firewall in between the server & the net - Smoothwall or IPCop could work as a temporary solution...

About Sygate - I'm not familiar with it, but you should have something on that server that controls which applications can access the net...
 
Thanks for all the replies, will hopefully get it nailed on Monday!
 
Perdition said:
I'm not just talking about web servers, I'm talking holistically
Agreed, I tried to find more holistic information but the bulk I found in my quick search was on web servers. I do think that web servers are a good indication of it though, as they would have other facilities on the back end also in Linux.

Perdition said:
even desktop though in this regard one can expect they all mainly use Windows 2000/XP
Of course. My guess would be first Windows, then Mac and then Linux for desktop usage.

Perdition said:
My point was that stating Windows is just for kids
I understood that and am not arguing it at all. My feeling on Windows vs Linux is use the best tool for the job.
But that's not what I asked. I asked for something to back up your usage of the word "most". I'm not saying I think you're talking trash, I would just like to know more on this. If it is as you say that "most" Fortune 500 companies use Windows, then why is it? Maybe the articles and proof you could provide would explain it.
I still believe that you would find a diversity of OS in the server environment in any group of companies and especially the Fortune 500 companies. Personally I would think that Unix, Linux and Windows would make up the bulk of the servers. In what order I do not know. I suspect Unix would play a bigger role in Fortune 500 companies than we all give it credit for.
 