Re: Windows 2000 Server pings and scan ports on the network

From: Steven L Umbach (sumbach_at_N0spam.ameritech.net)
Date: 03/18/04

• Next message: Steven L Umbach: "Re: GPO to prevent user "hardening""
• Previous message: Jim B: "Re: How can I disable network (type 3) Logon"
• In reply to: Karl: "Windows 2000 Server pings and scan ports on the network"
• Next in thread: Marc Reynolds [MSFT]: "Re: Windows 2000 Server pings and scan ports on the network"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 18 Mar 2004 12:01:00 -0600

First I would make sure that they have been scanned for viruses/worms with
the latest definitions from the vendor and that they have been patched with
the latests critical updates AFTER they have been backed up/Ghosted in case
there is a problem or conflict with an update. You can also use TCPView from
SysInternals [free] to view what network related processes are running on
the servers including what ports and application they map to. It could be a
legitmate application such as network scanning program or even something
like Microsoft Baseline Security Analyzer but I would think that should be
apparent by looking at the applications installed on the servers and you
might want to look at Scheduled Tasks also since it seems to be not
constant. I don'y believe it is Active Directory related.--- Steve

http://www.sysinternals.com/ntw2k/source/tcpview.shtml -- TCPView

"Karl" <a@a.pt> wrote in message
news:urY2G8QDEHA.2404@TK2MSFTNGP11.phx.gbl...
> Hi we have servers that sometimes ping and scan ports of some PC's.
> We have a firewalled network, updated anti-virus. We cant see any strange
> session entries on the system. Do w2k server has some services or
> applications that have that behaviour and is not a problem ?
> It can be Active Directory or the centralized AVirus solution doing that ?
> Is there any method to check what is triggering that events ?
>
> TIA,
> Karl
>
>

• Next message: Steven L Umbach: "Re: GPO to prevent user "hardening""
• Previous message: Jim B: "Re: How can I disable network (type 3) Logon"
• In reply to: Karl: "Windows 2000 Server pings and scan ports on the network"
• Next in thread: Marc Reynolds [MSFT]: "Re: Windows 2000 Server pings and scan ports on the network"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Blocking IRC Access ... I'd perhaps think about looking at your network, ... You also need to look at your servers inside your lan, ... > they better block all the ports so that people cant BNC to other hosts. ... >> The Presidio integrates PGP data encryption and XML Web Services security to ... (Security-Basics) Re: DNS over the WAN link ... > running all Windows 2000 servers and workstations. ... Other sites lack DNS and DHCP ... You do need WINS for Network places, but not for Active Directory. ... (microsoft.public.win2000.dns) Re: Correct DNS / WINS configuration for Domain members ... future, for resolving NetBIOS names across multiple subnets, because NetBIOS ... servers, but you really feel the screems when those servers hang and ... This tells the story of how reliant most users are on Browsing Network ... search Active Directory for their shared resources, ... (microsoft.public.windows.server.dns) Re: Servers in two Vlans ... A good old Active Directory Replication Across Firewalls whitepaper ... Refer to the "Limited RPC" section for a reasonable port list ... What ports am i going to have to open ... > up between those vlans so the two servers can talk to each other and ... (microsoft.public.windows.server.security) Re: Ports Base ... That will gain you the benefits of an up-to-date ports tree. ... you start installing ports, you have the pkgdb to deal with. ... I use something like this to rapidly deploy new FreeBSD servers. ... Due to network ... (freebsd-questions)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint