
Too many connections through the firewall

Status
Not open for further replies.

egolds

MIS
Aug 29, 2001
105
US
We have this strange issue that throughout the day thousands of connections will be made through our firewall. On average it runs 20 - 30 (we only have 30 or so employees).

The problem is our router has a limit to the number of connections it will allow at any one time (3072). I have tried using packet sniffers to figure out where the connections are coming from, but when the connections are maxed out there don't seem to be any more packets flowing in and out of the network than when the connections are not maxed out.

I know netstat will show me all active connections for a computer. Is there any way to view all the connections (not just packets) passing through the router? It does not appear that our router itself has this functionality (Sonicwall SOHO).

Thanks in advance.
 
Before spending a lot of time trying to count connections i would scan all your workstations with Ad Aware available from download.com. It will check your system for trojans, backdoors and spyware. Also look for P2P software that someone may be running. You don't want to be a global fileserver.

Sorry, don't know anything about the Sonicwall line.
----------------------------------------
Wasabi Pop Tarts! Write Kellogs today!
 
Yeah, Kazaa causes all sorts of problems on networks. You could block access to their logon servers from the firewall to disable Kazaa through the network.
What port are all these connections on? Make sure your firewall is set up properly (i.e. deny all, then open what you need).
You might also want to see if you can set up your router as a generic packet filter to block most traffic before it even hits your firewall.

I'm ranting... check for nasty client software, then work on your firewall some more.
 
The firewall itself has limited functionality. What options are available to check the ports for the connections?
 
What do you want to check? That they exist? You've used netstat to prove that. I'd think your goal now would be to shut them down. If you really want some more port info, check out fport at:


What do you mean by your firewall has limited functionality? Get a fully functional firewall!
[smile]
 
I want to check current open connections. I know netstat can track the connections of my workstation. Is there any tool that will allow me to track all connections passing through the firewall? By limited functionality I mean it doesn't have any way to view or report on connections.
 
That's a crappy firewall! [smile] You're watching this post like a hawk, aren't you! [wink]

What type of firewall is it (hardware, software)? What platform does it run on? If it's software, then you can just run a netstat from the machine itself. If it's hardware, I'd need to know the OS so I could do some research into it.

Seriously though. You should think about getting a firewall that will allow you to monitor all traffic in and out of the network. I'm really surprised you can't view log files with this firewall. A firewall w/o a log is a useless firewall (IMO).
 
The firewall is a Sonicwall SOHO. There are some logs, but they give very limited info. The only logs show Bandwidth by IP Address, WebSite Hits, and Bandwidth by Service.
 
Is there any way to view this kind of information for an entire network?
 
That depends. There are many ways to do it, but most require that you force all of your comms through a machine that will track the connections. I use a transparent proxy on my firewall for outbound web connections so that I can tell which computers access which web sites. The firewall is Linux based and runs Squid.

If you are using a hub rather than a switch, you can use applications like etherape, that passively track who is connecting to whom.

But using a proxy host is far more effective, because all traffic must pass through the proxy to get out anyway.
pansophic
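To make the proxy-logging approach in the reply above concrete, here is an added example (not code from any poster, and not part of Squid) that parses Squid native access.log lines and reports which internal client is responsible for the bulk of the proxied connections. The log lines are constructed for the example, and the threshold value is an assumption.

```python
import re
from collections import Counter, defaultdict

# Squid native access.log layout (whitespace separated):
# timestamp elapsed client action/code size method url ident hierarchy/peer type
SQUID_LINE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<status>\S+)\s+(?P<size>\d+)\s+(?P<method>\S+)\s+(?P<url>\S+)"
)

# Constructed sample: one quiet workstation and one that fans out to many peers
# (port 1214 is used here only as a made-up example of a P2P client).
SAMPLE_LOG = [
    "999111111.001    120 192.168.1.20 TCP_MISS/200 1234 GET http://example.com/ - DIRECT/93.184.216.34 text/html",
    "999111112.002     80 192.168.1.20 TCP_HIT/200 512 GET http://example.com/logo.png - NONE/- image/png",
    "# a comment or junk line that must be skipped, not crash the parser",
] + [
    f"999111{200 + i:03d}.000 15 192.168.1.15 TCP_MISS/200 64 GET "
    f"http://peer{i}.example.net:1214/ - DIRECT/10.0.0.{i + 1} application/octet-stream"
    for i in range(40)
]

def parse_squid_line(line):
    """Return (client_ip, url) for one access.log line, or None if it does not match."""
    m = SQUID_LINE.match(line)
    if not m:
        return None
    return m.group("client"), m.group("url")

def connections_per_client(lines):
    """Count proxied requests per client IP and the distinct destination hosts each one reached."""
    per_client = Counter()
    dest_hosts = defaultdict(set)
    for line in lines:
        parsed = parse_squid_line(line)
        if parsed is None:
            continue  # unparsable line: ignore rather than abort the whole report
        client, url = parsed
        per_client[client] += 1
        # strip scheme, path and port to get the destination host name
        host = re.sub(r"^[a-z]+://", "", url).split("/")[0].split(":")[0]
        dest_hosts[client].add(host)
    return per_client, dest_hosts

def noisy_clients(lines, threshold):
    """Clients with more than `threshold` requests -> {ip: (request_count, distinct_hosts)}."""
    per_client, dest_hosts = connections_per_client(lines)
    return {c: (n, len(dest_hosts[c])) for c, n in per_client.items() if n > threshold}

if __name__ == "__main__":
    for ip, (count, hosts) in sorted(noisy_clients(SAMPLE_LOG, 10).items()):
        print(f"{ip}: {count} requests to {hosts} distinct hosts")
```

A client with a high request count spread across many distinct hosts is the pattern a P2P client or a backdoor leaves, which is exactly what the per-IP bandwidth view on the SOHO cannot show.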
 