On Thu, Mar 27, 2003 at 09:15:06AM +0545, Deependra b. Tandukar said:
> Hi all,
> 
> I have recently configured Win 2K Adv server with MS SQL 2K. It is on the LAN 
> and connected to the Internet behind a firewall. One amazing thing is that 
> from time to time it keeps on sending packets and it clogs the internal as well 
> as external network of the entire system. Antivirus couldn't detect any 
> virus yet. The problem is not solved even when I close all the ports. The 
> computer uses public IP address.

What are the packets doing?  Use a packet sniffer to find out what they
are, or check your firewall and see what outbound ports the server has
opened.

If you "close the ports" are you talking about the inbound ports on your
firewall?  Is your firewall doing NAT Translation?  If so, is the SQL
server establishing NAT translations out to a particular host/hosts?

Does your MS-SQL Server still have the default administrator password?  Has
it been compromised?

One of the worms in particular that I have seen will send out test packets
on port 1433, to everything upwards from 1.1.1.1 to 254.254.254.254.  It
really didn't care how much bandwidth it took up, but when I looked at my
NAT translations, there were hundreds of connections to hosts in numerical
order.  I believe this one started from 200.200.200.200 and just kept going
upwards :)

> Should there be any reason for this?

Doesn't sound right at all.


-- 
Adam Smith
Information Technology Officer
SAGE Automation Ltd.

[EMAIL PROTECTED]
http://www.sageautomation.com
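
Added example (not part of the original message): a sketch of the NAT-table check described in the reply, flagging an inside host whose port 1433 destinations form a long run of numerically consecutive addresses. The log line format, the function names and the inside addresses are constructed for illustration; only the 200.200.200.200 starting point comes from the reply.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed, simplified format: "tcp <inside_ip>:<port> -> <outside_ip>:<port>".
# Real firewalls print their NAT/connection tables differently; adapt the regex.
ENTRY = re.compile(r"tcp\s+(\S+):(\d+)\s+->\s+(\S+):(\d+)")


def longest_run(addresses):
    """Length of the longest run of numerically consecutive addresses."""
    best = run = 0
    previous = None
    for value in sorted(set(addresses)):
        run = run + 1 if previous is not None and value == previous + 1 else 1
        best = max(best, run)
        previous = value
    return best


def find_sequential_scanners(lines, port=1433, min_run=10):
    """Map inside host -> longest consecutive-destination run on `port`."""
    targets = defaultdict(list)
    for line in lines:
        match = ENTRY.search(line)
        if not match or int(match.group(4)) != port:
            continue
        try:
            dst = int(ipaddress.IPv4Address(match.group(3)))
        except ipaddress.AddressValueError:
            continue  # skip entries with a malformed destination address
        targets[match.group(1)].append(dst)
    runs = {src: longest_run(dsts) for src, dsts in targets.items()}
    return {src: n for src, n in runs.items() if n >= min_run}


def sample_table():
    """Constructed sample: one host walking upward, one ordinary client."""
    base = int(ipaddress.IPv4Address("200.200.200.200"))
    lines = [f"tcp 192.0.2.10:{2000 + i} -> {ipaddress.IPv4Address(base + i)}:1433"
             for i in range(100)]  # run crosses an octet boundary
    lines.append("tcp 192.0.2.20:3100 -> 198.51.100.7:1433")  # single SQL peer
    lines.append("tcp 192.0.2.20:3101 -> 198.51.100.8:443")   # not port 1433
    return lines


if __name__ == "__main__":
    print(find_sequential_scanners(sample_table()))
```

Comparing addresses as integers is what lets the run continue across an octet boundary (200.200.200.255 to 200.200.201.0), which a per-octet string comparison would miss.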
