On my Windows Server 2003 server, all incoming connections are dropped. I can see them getting in using Wireshark, but even a single ping from another computer fails.
All locally initiated connection work fine (I'm asking from the server). This server is the DC/DHCP/DNS/File server, so computer clients are in the dark.
I've run varius antivirus and removal tools without any luck. The Windows Firewall is disabled.
I'm wild-guessing at some virus/worm.
How can i check why these incoming ICMP/TCP SYN/etc are dropped?
Anyone has any knowledge about such situations?
Thanks.
Is this server in a DMZ? Besides the above answers (windows firewall and IPSEC issues) the most obvious other cause would be an external firewall blocking traffic. I assumed you've tested from another device in the same subnet?
A more likely culprit than virus/worm is the software that ostensibly prevents viruses and worms from getting on the server in the first place. On my servers, I have seen more weird behaviors from badly behaving AV software than I have actual viruses.
Also, really bad NIC drivers can do this sometimes. Broadcom has had some real clunkers along the way.
I had a similar experience a few years back and the problem turned out to be Windows firewall, even though it was supposedly disabled. The solution, after a great deal of trail and error, as well as head scratching, was to enable the firewall, make a change to it (I simply added a port exception), reboot and finally disable the firewall again. I never did find out just why it behaved this way as the machine was decommissioned not long after that.
I've run into this when the IPSec service failed to start on server 2003. If it's disabled it will work fine but when it fails to start all network traffic is dropped.