Posted by Roger Abell [MVP] on March 12, 2006, 11:01 am
I was going to suggest looking into the anti-DoS behaviors, but
you appear to have already started down that road (syn attack
protection).
> this is a telnet server app used as a chat type of system, no ipsec, just
> simple telnet streams. it does have some features that use an access
> database which can be slow responding, so new incoming connections aren't
> always serviced instantly. we used to have problems with win2k-pro with
> the 5 connection backlog limit on that system's crippled ip stack, but
> have upgraded to 2k3 server now and still occasionally see the port
> lockup. some experimenting points to the possibility of a timeout instead
> of a backlog hanging up the port, but i'm not sure where to start looking
> for that. i have played with trying to turn off the syn attack
> protection, but that doesn't seem to have helped.
>
>>I remember reading the ipsec troubleshooting chapter in the Domain
>>Isolation Guide in which something similar can happen in certain
>>situations if ipsec is being used to protect traffic on the server via
>>ESP/AH. You can read more below if you are using ipsec on the server. If
>>you are not using ipsec I don't know offhand what the problem would be and
>>it would be helpful to determine if the problem is related to only a
>>particular server service and then try to find information about that
>>service from the publisher documentation and it may also be helpful to
>>check the logs via Event Viewer to see if anything pertinent is recorded,
>>maybe use netmon or Ethereal to capture the packet exchange sequence, use
>>Port Reporter to record port usage on the server, and verify that there
>>are no conflicts on what service is using a port with tools like TCPView
>>and Process Explorer from Sysinternals. --- Steve
>>
>> http://www.microsoft.com/technet/security/topics/architectureanddesign/ipsec/ipsecch7.mspx
>> --- troubleshooting ipsec
>> http://www.sysinternals.com/Utilities/TcpView.html --- TCPView
>> http://www.microsoft.com/downloads/details.aspx?familyid=69BA779B-BAE9-4243-B9D6-63E62B4BCD2E&displaylang=en
>> --- Port Reporter
>>
>>> is there any kind of security or other mechanism that would cause a port
>>> to be locked out if a connection isn't accepted quickly enough by the
>>> program that is listening on it?? Say a server program opens a port to
>>> listen for clients to connect, but then when a client connects it
>>> doesn't accept that connection for a long time, say up to 30 seconds or
>>> so. maybe other clients also connect and are then waiting in the port
>>> backlog at the same time??
>>>
>>>
>>
>>
>
>