|
Posted by Steven L Umbach on November 22, 2005, 5:44 pm
Please log in for more thread options
Make sure that you look at the firewall logs also to see what traffic is
being dropped. If you are seeing a large number of logon failures that may
be a reason for concern to maintain functionality if they are legitimate
connections. The logon events should show the source computer that is
causing these events and you would want to investigate further to see if the
source computer is working correctly or not and look in it's logs for
failure events that may help you determine what is going on. Such logon
failures would indicate more is being blocked than typical broadcast
oise. --- Steve
>I have recently installed SP1 on our Win 2003 server, and activated the
> firewall. The applications and services running on this server, like DHCP
> and Mcafee EPO virus protection seem to be working, after some negotiation
> with the firewall. Yesterday I enabled logging of dropped connections in
> Event Viewer, and I now see a large number of logon failures, mostly for
> local services, like lsass.exe and sqlmangr.exe, which event viewer says
> the
> firewall has "detected listening on port ...." Do I need to manually open
> these ports? The most frequent blocked connection is cqsmgr.exe, which I
> understand is a Compaq ditty, doing I don't know what. My server is a
> Proliant. If I don't see any ill effect, should I just leave these, or is
> the dropping of these connections provoking a storm of requests to my
> server
> that will slow it down?
| 
XML Sitemap