Reduce outgoing internet traffic on Windows server 2012
€30-250 EUR
Teljesítve
Kiadva ekkor: majdnem 5 évvel ezelőtt
€30-250 EUR
Teljesítéskor fizetve
We'r using a Windows 2012 server for hosting (LeaseWeb) our Windows-application.
This server has now a lot of extra outgoing traffic (> 500 Gb / day).
We like to solve this, maybe by blocking internet-access, except :
- RDP
- Customers accessing the server via a client-program (started in the browser) from GoGlobal.
- Some SOAP/REST - requests in the indows-application to fixed IP-addresses.
"Microsoft Network Monitor 3.4" is already installed.
It shows LDAP is causing a lot of traffic. Port 389.
Another quick Netflow shows the IP's that are mainly responsible for the generated traffic.
Other ports are also included in the Netflow, since it was not filtered exclusively on port 389.
Unfortunately blocking the port on the server does not prevent high bandwidth consumption. Since the traffic still passes the TOR switch before it is dropped at the server, it will still count as "legit" traffic to the metrics system, which unfortunately still results in high bandwidth consumption for the server.
Regarding the IP's who are responsible :
[login to view URL]:
OrgAbuseHandle: SHAWA-ARIN
OrgAbuseName: SHAW ABUSE
OrgAbusePhone: +1-403-750-7420
OrgAbuseEmail: [login to view URL]@[login to view URL]
OrgAbuseRef: [login to view URL]
5.254.19.111:
Abuse contact for '5.254.19.0 - 5.254.19.255' is 'abuse@[login to view URL]'
To gain information on the Abuse contacts for the owners of these IP addresses, query the whois database.
Hello!
I'm a highly skilled Microsoft and Information Security infrastructure expert with 10+ years of hands-on experience.
All skills and experience in my Linkedin profile: [login to view URL]
I'll fix this issue for you with all the recommendations and the best practices.
This is probably standard LDAP relay attack, I know how to deal with it and defend your server.
If you see my last review - this was I think exactly the same problem, the open LDAP 389 port.
Best regards, Evgeniy Vovney.
€220 EUR 3 napon belül
5,0 (13 értékelés)
4,3
4,3
2 szabadúszó adott átlagosan €221 EUR összegű árajánlatot erre a munkára
Hello, i'm an expert IT with more 15 years of experience in IT industry . i'm certified Cisco networking professional 300-100 and 300-115 and Linux professional lpi 101, 102 and RHCSA and VCP 4, 5,5.5 and Data Center and MSCA/MSCE ranging from 2003 to 2012 . i Can give you the best practice use to allow only what you need let's chat for more information