denial-of-service protection

Enrique Garcia

My IT department keeps telling me that my server is putting out hundreds of
megabytes of data on the Internet for no apparent reason.
I take this as a denial of service attack. I hardened the TCP/IP protocols
as per Microsoft Knowledge Base Article - 315669. Is there anything else I
can do?
The server is running Windows 2000, and it houses employee web sites.
thanks in advance,
eg
 
Karl Levinson [x y] mvp

Hardening the TCP settings really does very little to prevent a DoS attack,
and this doesn't sound necessarily like a DoS attack. Try here instead:

http://securityadmin.info/faq.htm#hacked [start here]
http://securityadmin.info/faq.htm#re-secure
http://securityadmin.info/faq.htm#harden

www.grisoft.com is free antivirus, you might also try that.

My first guess [and this is just a guess] might be that a hacker installed a
hidden FTP server on your server, as described below:

http://securityadmin.info/faq.htm#ftpfolder

If you find anything interesting out or need help determining if you've been
hacked, let us know.

PS I really think your IT department should be giving you more information
and assistance. They should be telling you what ports are being used, the
other IP addresses being contacted, etc. etc. This might tell you whether
this is FTP traffic, a worm "virus," or whatever. They might also be able
to set up a sniffer to try to see what might be contained within the data
communication if necessary.
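
The ports and remote addresses mentioned in the reply above can also be collected on the server itself with `netstat -an`. The following is an added example, not part of the original thread: it parses saved `netstat -an` output and reports TCP listeners outside an expected set, along with the remote hosts connected to them. The sample output and the expected-port list are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample of `netstat -an` output (documentation IP ranges, not real data).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:44321          0.0.0.0:0              LISTENING
  TCP    192.0.2.10:80          198.51.100.7:1045      ESTABLISHED
  TCP    192.0.2.10:44321       203.0.113.5:3310       ESTABLISHED
  TCP    192.0.2.10:44321       203.0.113.9:2211       ESTABLISHED
  TCP    192.0.2.10:44321       203.0.113.9:2212       ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

# Assumption: the TCP ports this web server is supposed to expose.
EXPECTED = {80, 135, 443, 445}

# Proto, local addr:port, foreign addr:port, state (UDP rows have no state and are skipped).
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\w+)\s*$")

def summarize(netstat_text, expected_ports=EXPECTED):
    """Return (unexpected listening ports, {(local_port, remote_ip): session count})."""
    listening = set()
    sessions = Counter()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, blank line or UDP row
        _, lport, rip, _, state = m.groups()
        lport = int(lport)
        if state == "LISTENING":
            listening.add(lport)
        elif state == "ESTABLISHED":
            sessions[(lport, rip)] += 1
    unexpected = sorted(listening - set(expected_ports))
    # Keep only sessions that terminate on a listener nobody expected.
    suspect = {k: n for k, n in sessions.items() if k[0] in unexpected}
    return unexpected, suspect

if __name__ == "__main__":
    ports, peers = summarize(SAMPLE)
    print("Unexpected listeners:", ports)
    for (port, ip), count in sorted(peers.items()):
        print(f"  port {port} <- {ip} ({count} session(s))")
```

An unexpected listener with many remote peers is what a hidden FTP service would look like in this output; on a compromised host the local tools may be tampered with, so compare the result with what the network team sees on the wire.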
 
