Re: W2k/SQL server generating mass network load
From: Shannon Jacobs (shanen@my-deja.com)
Date: 02/25/03
- Next message: Guido: "mscep.dll ver 5.131.2199.1"
- Previous message: Christiaan: "W2kserver/SQLserver generating mass Netwrok load"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Shannon Jacobs" <shanen@my-deja.com> Date: Tue, 25 Feb 2003 17:32:41 +0900
Not slammer?
Christiaan wrote:
> Hello,
>
> W2kserver with SP3, SQLserver2000, IIS 5 with latest SP is
> installed. Also I implemented Hisecweb.inf and IISlockdown
> tool. Only the HTTP and SQL ports are available. When I
> discovered, while having serious network problems, that
> this server is connecting to apprx. 600 various IP's, it
> is using all the network bandwith. Pinging the
> gateway/router from a different server on the same
> segment, it's causing a major timeout. Netstat doesn't
> give me any unusual connections. When using a sniffer, I
> can see the W2k/SQL server is very busy polling al these
> IP's. The IP adrresses are various, the're all outside the
> network and directly from the Internet.
> A simple though would bring me to a Trojan or an attacker
> from outside. Is there a tool available from which I can
> see what is causing this 'heavy traffic' except from the
> software I mentioned above?
> Many thanks so far,
> Christiaan.
- Next message: Guido: "mscep.dll ver 5.131.2199.1"
- Previous message: Christiaan: "W2kserver/SQLserver generating mass Netwrok load"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
