
We have about 8 asp.net websites running on Windows 2008 R2 server.

Recently we were informed of a case registered against our instance for a DOS attack via UDP port 53 on two IPs. On exploring, we found a DbSecuritySpt folder in our C: drive. We removed the folder and stopped the service, but it was created again and the service started automatically the following day. We had initially allowed traffic on all outbound ports. After this, we closed most of the ports, giving access to a few ports like http. The file and service were not found the day after blocking the ports. The Windows Defender scan also did not detect any virus.

Though blocking the ports has averted the DOS attack, it has slowed down the response of the asp.net websites. The pages load fine, but posting messages has a response time of about 1.5 min. We are unable to make out the effect of blocking ports on the response time of the websites. We have used netstat to look into the ports in effect, but to no avail.

Is there a way to detect the effect of blocking ports or the ports being used that should not have been blocked?

Thanks for any feedback.

2 Answers


UDP/53 is the DNS port, and blocking it unilaterally definitely does have side-effects. How much depends on the application, but it does. If you're doing any reverse-IP lookups, those are going to fail. If the server hits any remote services to process incoming messages (such as an anti-spam service), those may be failing too.

If you can change your port-blocking from 'drop' to 'reject', it'll cause the firewall to inform the server that it can't do that, which will in turn let whatever code is waiting for an answer get out of its timeout loop early. If you keep it on 'drop', you'll have to wait for all of those DNS resolution attempts to time out.

sysadmin1138
  • 134,165

The issue was resolved. Since we had restricted the ports, port 587 needed to be opened because we send notifications for activities on the website. Opening the port resolved the response-time issue.
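A small probe script illustrating both points made above: sysadmin1138's distinction between a firewall that rejects (the caller gets an immediate error) and one that drops (the caller waits out its full timeout), and the asker's finding that an outbound port the application depends on (here SMTP submission on 587) had been blocked. This is an added example, not code from the question or either answer. It probes TCP ports with a plain connect and UDP/53 with a hand-built DNS query, reports the status and how long the wait took, and ships with a loopback self-test so it runs without Internet access; the host/port list in `main` is an assumed example, not the asker's environment.

```python
import socket
import struct
import sys
import threading
import time
from dataclasses import dataclass


@dataclass
class ProbeResult:
    host: str
    port: int
    proto: str
    status: str      # "open" | "refused" | "dropped" | "unreachable" | "unexpected"
    elapsed: float   # seconds spent waiting; "dropped" waits the whole timeout


def probe_tcp(host: str, port: int, timeout: float = 3.0) -> ProbeResult:
    """TCP connect. An RST or ICMP unreachable ('reject') shows up fast as
    "refused"; a silently dropped SYN shows up as "dropped" after the timeout."""
    start = time.monotonic()
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            status = "open"
        except socket.timeout:
            status = "dropped"
        except ConnectionRefusedError:
            status = "refused"
        except OSError:
            status = "unreachable"
    return ProbeResult(host, port, "tcp", status, time.monotonic() - start)


def build_dns_query(name: str, txn_id: int = 0x1234) -> bytes:
    """Minimal RFC 1035 A query, built by hand so no DNS library is needed."""
    header = struct.pack(">HHHHHH", txn_id, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN


def probe_udp_dns(host: str, port: int = 53, timeout: float = 3.0,
                  name: str = "example.com") -> ProbeResult:
    """Send one DNS query over UDP. The socket is connect()ed so that an ICMP
    port-unreachable is raised as an exception instead of being discarded."""
    start = time.monotonic()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            s.send(build_dns_query(name))
            data = s.recv(512)
            status = "open" if len(data) >= 12 else "unexpected"
        except socket.timeout:
            status = "dropped"
        except (ConnectionRefusedError, ConnectionResetError):  # Linux / Windows
            status = "refused"
        except OSError:
            status = "unreachable"
    return ProbeResult(host, port, "udp", status, time.monotonic() - start)


def _udp_echo_server(sock: socket.socket, stop: threading.Event) -> None:
    # Stand-in resolver for the self-test: echoes the 12-byte header back.
    sock.settimeout(0.1)
    while not stop.is_set():
        try:
            data, peer = sock.recvfrom(512)
        except socket.timeout:
            continue
        except OSError:
            break
        sock.sendto(data[:12], peer)


def run_local_demo(timeout: float = 1.0) -> dict:
    """Exercise the probes against loopback listeners. Returns {label: status}."""
    results = {}
    tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tcp.bind(("127.0.0.1", 0))
    tcp.listen(1)
    tport = tcp.getsockname()[1]
    results["tcp_listening"] = probe_tcp("127.0.0.1", tport, timeout).status
    tcp.close()
    results["tcp_closed"] = probe_tcp("127.0.0.1", tport, timeout).status  # RST -> refused

    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.bind(("127.0.0.1", 0))
    uport = udp.getsockname()[1]
    stop = threading.Event()
    t = threading.Thread(target=_udp_echo_server, args=(udp, stop), daemon=True)
    t.start()
    results["udp_listening"] = probe_udp_dns("127.0.0.1", uport, timeout).status
    stop.set()
    t.join()
    udp.close()
    # ICMP port-unreachable -> "refused"; a drop-mode firewall would show "dropped".
    results["udp_closed"] = probe_udp_dns("127.0.0.1", uport, timeout).status
    return results


if __name__ == "__main__":
    for label, status in run_local_demo().items():
        print(f"self-test {label}: {status}")
    # Assumed targets for a real run: pass host:port[/udp] pairs on the command line.
    for arg in sys.argv[1:]:
        hp, _, proto = arg.partition("/")
        host, _, port = hp.rpartition(":")
        r = probe_udp_dns(host, int(port)) if proto == "udp" else probe_tcp(host, int(port))
        print(f"{r.proto}/{r.port} {r.host}: {r.status} after {r.elapsed:.2f}s")
```

A port that answers "refused" within milliseconds is being rejected; one that answers "dropped" only after the full timeout is the pattern that stalls an application thread for every call, which is why a 1.5 minute POST can result from one blocked outbound dependency such as SMTP on 587 or DNS on UDP/53.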