What is the errorlog discussed here?


From: George Hester (hesterloli_at_hotmail.com)
Date: 05/22/04


Date: Sat, 22 May 2004 19:39:23 -0400

http://support.microsoft.com/default.aspx?scid=kb;en-us;294453

It's discussed just before the large white space. Is it my Event Viewer in Windows 2000? Under Application?

The reason why I got to this article is because I have quite a few connections by the same IP address to my port 1433. It almost looks like Slammer but that shouldn't be as I am at SQL 2000 SP3 and had applied the Slammer fix at one point. Also if it was Slammer then I really should lose all Internet Connection on the Web. That's not the case.

I did set up IP security by following this article:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/HTUseIPSec.asp

but for some reason after a reboot I still have the connections looking like this:

Processing local system's ports...

Port to process mappings unavailable

TCP/UDP Port Usage

268 active ports found

Port Local IP State Remote IP:Port
TCP 1433 0.0.0.0 LISTENING 0.0.0.0:2208
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:5568
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:5673
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:5806
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:5893
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:5997
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:6111
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:6219
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:6329
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:6433
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:6542
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:6649
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:6753
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:6859
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:6960
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:7068
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:7178
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:7283
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:7386
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:7495
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:7599
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:7690
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:7820
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:8254
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:8721
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:12416
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:12520
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:12627
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:12733
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:13186
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:13320
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:13425
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:13512
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:14699
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:15134
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:15273
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:15411
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:15843
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:15993
TCP 1433 my.ip.address.0 FIN WAIT-2 218.52.192.22:16100
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:32283
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:33463
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:33939
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:34400
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:34514
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:34979
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:35423
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:35525
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:35631
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:35725
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:35834
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:35936
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:36042
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:36152
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:36261
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:36367
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:36494
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:36585
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:36739
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:36829
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:36933
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:37395
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:40027
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:40521
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:41727
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:41836
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:41944
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:42057
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:42147
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:42634
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:43095
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:43588
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:43719
TCP 1433 my.ip.address.0 FIN WAIT-2 218.52.192.22:44892
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:45348
TCP 1433 my.ip.address.0 TIME WAIT 218.52.192.22:45801
...
TCP ports in a LISTENING state: 84 = 38.89%
TCP ports in a ESTABLISHED state: 30 = 13.89%
TCP ports in a FIN WAIT-2 state: 2 = 0.93%
TCP ports in a CLOSE WAIT state: 8 = 3.70%
TCP ports in a TIME WAIT state: 92 = 42.59%

So it's still not looking good. I know it is ms-sql since my Ethereal says so. But there is not much in the capture with this remote IP address. So I am not sure if I fixed this issue or not. Thanks.

-- 
George Hester
__________________________________
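
A way to summarize a listing like the one in the post, as an added example that is not part of the original message: it parses rows in that port-listing format and counts connections to local TCP 1433 per remote address and state. The function names, the threshold and the sample rows (documentation addresses) are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# One row: proto, local port, local IP, state, remote IP:port.
# The state may contain a space ("TIME WAIT", "FIN WAIT-2"), hence the lazy group.
ROW = re.compile(
    r"^(?P<proto>TCP|UDP)\s+(?P<lport>\d+)\s+(?P<lip>\S+)\s+"
    r"(?P<state>.+?)\s+(?P<rip>[^\s:]+):(?P<rport>\d+)$"
)

def summarize(listing, local_port=1433):
    """Return {remote_ip: Counter(state -> count)} for one local TCP port."""
    per_remote = defaultdict(Counter)
    for line in listing.splitlines():
        m = ROW.match(line.strip())
        if not m or m["proto"] != "TCP" or int(m["lport"]) != local_port:
            continue  # header, summary lines, other ports
        if m["state"] == "LISTENING":
            continue  # the listener itself, not a peer
        per_remote[m["rip"]][m["state"]] += 1
    return per_remote

def noisy_remotes(per_remote, threshold=5):
    """Remote IPs with at least `threshold` connections, busiest first."""
    totals = {ip: sum(c.values()) for ip, c in per_remote.items()}
    hits = [(ip, n) for ip, n in totals.items() if n >= threshold]
    return sorted(hits, key=lambda t: -t[1])

# Constructed sample in the post's format (documentation addresses, not real data).
SAMPLE = """\
Port Local IP State Remote IP:Port
TCP 1433 0.0.0.0 LISTENING 0.0.0.0:2208
TCP 1433 192.0.2.10 TIME WAIT 203.0.113.7:5568
TCP 1433 192.0.2.10 TIME WAIT 203.0.113.7:5673
TCP 1433 192.0.2.10 TIME WAIT 203.0.113.7:5806
TCP 1433 192.0.2.10 TIME WAIT 203.0.113.7:5893
TCP 1433 192.0.2.10 TIME WAIT 203.0.113.7:5997
TCP 1433 192.0.2.10 FIN WAIT-2 203.0.113.7:16100
TCP 1433 192.0.2.10 ESTABLISHED 198.51.100.20:4012
TCP 80 192.0.2.10 TIME WAIT 203.0.113.7:6111
TCP ports in a TIME WAIT state: 92 = 42.59%
"""

if __name__ == "__main__":
    summary = summarize(SAMPLE)
    for ip, n in noisy_remotes(summary):
        print(ip, n, dict(summary[ip]))
```

Slammer spread over UDP 1434, so a run of short-lived TCP 1433 connections from one address is a different pattern from that worm.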

