walker

I will try out your next set on instructions on monday night as i am away this weekend. However, in regards to your last question, i enabled RD through the default set up on the firewall. I did not set any custom ports for RD to use, and i am not using VNC. Regards, Walker

Hi, I followed your instructions, and I could see the Blocking rule in the MONITORING window however I could still see the IPs connecting through the Network Monitor and the network usage was unaffected. Thanks once again for taking the time to help, it is very much appreciated. Walker

Hello, I was hoping to get these results to you sooner, however my ISP disconnected me last night so I could not do anything! Here are the results you asked for C:\Users\Administrator>netstat -an |find /i "listening" TCP 0.0.0.0:135 0.0.0.0:0 LISTENING TCP 0.0.0.0:445 0.0.0.0:0 LISTENING TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING TCP 0.0.0.0:5800 0.0.0.0:0 LISTENING TCP 0.0.0.0:5900 0.0.0.0:0 LISTENING TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING TCP 0.0.0.0:49156 0.0.0.0:0 LISTENING TCP 0.0.0.0:49158 0.0.0.0:0 LISTENING TCP 92.48.91.202:139 0.0.0.0:0 LISTENING TCP [::]:135 [::]:0 LISTENING TCP [::]:445 [::]:0 LISTENING TCP [::]:3389 [::]:0 LISTENING TCP [::]:49152 [::]:0 LISTENING TCP [::]:49153 [::]:0 LISTENING TCP [::]:49154 [::]:0 LISTENING TCP [::]:49155 [::]:0 LISTENING TCP [::]:49156 [::]:0 LISTENING TCP [::]:49158 [::]:0 LISTENING I will follow the next set of instructions you provided for the firewall now and get back to you soon. Walker

Thank you for your reply. Please find some answers below! 1) The server normally runs a few game servers, like Call of Duty 1 & 4. I also run a control Panel called TCADMIN that controls the game servers and some voice servers like TeamSpeak 3. *please note* when i refer to discovering the constant .20-.30% network usage, this is when I had shut down all game and voice servers including TCadmin. The only applicaction running on the server that communicates with the internet would have been RD. 2) I cannot do this right now as the server is in use. I will get these results for you later tonight. 3) I am just using the windows firewall. Thank you for your time so far! Walker

Hello, First off, please excuse my complete inexperience in these matters. Everything I know, (not being that much) is self taught so there are large gaps. I own and collocate a dedicated server in the UK. Mainly I use the server for VOIP and a few game servers. Recently, the server has been under what is best described as a very small DOS attack. Its not quite blocking up the connection entirely, but it is causing intermittent lag spikes and occasionally complete loss of connection. With nothing running on the server at all, there is a constant .20-.30% network usage with spikes of up to 2.50% (this is on a 100Mbps connection) To find out what this mystery network usage could be, I installed the Microsoft's Network Monitor 3.4 and I found several culprits. Below is an image from the network monitor. As you can see from the image above, the following IPs are sending about 200~ each per second. 208.43.236.122/6 21.34.158.1 89.238.144.11 Some of the requests are using the HTTP protocol and seem to be targeting Call of Duty server ports (28960/5) I have no use for HTTP on my server, so the first thing I did was to try and block port 80 through the windows firewall. This had no affect Then I tried to block the individual IPs through the windows firewall, but again with no success. They still showed up in the network monitor even though they were supposedly blocked by the firewall. However, to block an IP through the windows firewall, I selected the option for "All Programs" even though in the Network Monitor, there is nothing in the "Process Name" column. Could this be the reason that it is not working? (link to the guide I used to block the IP: https://support.gearhost.com/KB/a520/block-ip-address-with-windows-firewall-2008.aspx ) I also tried banning the IPs through IPSec but again to no avail. (link to the guide I used: http://forums.webhostautomation.com/showthread.php?t=2906&page=1 ) I apologise for the long post! I wanted to make sure there was a much information as possible, and I am at my wits end with this problem! Any help would be greatly appreciated! Walker