For the past couple of days, we happen to lose our internet connection in
the morning. When I check our firewall's status, I notice that there are
6144 open sessions, flooding the device, thus no meaningful transfer of data
to or from the Internet.
After tracking the IP address of the source machine for all the connections,
I realized that it was our VPN server, sitting in our LAN, behind the
firewall. The source port number was 4886.
We have an access rule defined on the firewall to forwad all PPTP calls to
our VPN server in the LAN.
Our firewall is a Sonicwall Pro 100 and the VPN server is a W2K which is
also a DC.
Does anybody have any idea as to what may be causing this, what hack tool is
in question, how we may have been hacked in the first place and how I can
remedy the situation?
Re: ZoneAlarm stops running under Win98 ... Windows98 getting internet connection over LAN from a Win2K ... You're using a firewall with ICS.... A better option, if you're using broadband, is to go over to a REAL LAN... (comp.security.firewalls)
Re: Unexplained Network Activity ... What about your internet connection?... Do you have a firewall to protect your ...LAN and Airport from intrusions via the internet? ... hackers may be finding your open port during random ... (comp.sys.mac.comm)
Re: VPN Server not as a gateway. ... interfaces and sit between the outside line and the internal network.... What I want is a vpn server I can just attach to the lan switch with ... install than a gateway/ firewall install.... (comp.os.linux.networking)
Re: which ports are in need to be opened to change password over V ... I'm not sure if that will work or not, but it was about the closest thing I could find out about ports for AD and passwords. ... You may be right about an internal firewall, but why would you do that? ... If you have gone to the trouble of setting up a VPN server to give remote machines access to your domain, why would you put that VPN server in a network which can't see a DC? ... When it is unencrypted it should be on the same network as the LAN machines.... (microsoft.public.windows.server.networking)
Re: VPN server one nic ... you can run a server on the LAN with one NIC as a VPN server. ... You can test it by connecting to it from another LAN machine using its local name or LAN IP. ... You can use port forwarding to extend the connection to the VPN server on the LAN. ... The encrypted data has a GRE header, so no data will cross the VPN if GRE is blocked at the firewall.... (microsoft.public.windows.server.general)
