• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 236
  • Last Modified:

Why all the network activity when idle

I installed SQL Server 2000 (full) on a Win 2000 server, and another (Developer Edition) on my Win XP workstation. Both are mostly empty (just a small new database).

The problem is the SQL Server on Win 2000 server "talks" on the internet at a rate of thousands of packets per hour, back and forth. And that's while being idle. I used Port Explorer and found an IP address 64.216.7.26 that my server connects to most often, like every 1-2 seconds. As soon as I turned SQL Server off and exit, the network activity ceased.

It has SP5, I checked it for viruses and trojans, nothing. At the same time, the dev copy on Win XP is completely silent.

What could be the problem ?
0
campinas
Asked:
campinas
  • 6
  • 5
2 Solutions
 
Aneesh RetnakaranDatabase AdministratorCommented:
0
 
campinasAuthor Commented:
Thanks, your link helped locate the IP address: Fort Worth, Texas.
Are there any settings that can keep my SQL Server from communicating outside the intranet? Its only use is as a companion to the web server...
0
 
DabasCommented:
Hi campinas,
You might have checked for viruses and trojans, but it looks like virus or trojan activity to me, or spyware of some sort
Some suggestions:

Try closing down your firewall for the time being, if possible, and update your virus definitions
In enterprise manager check the current jobs, the current activity, and try to find the process that is causing the problem that way.
Open up msconfig and check the startup tab to see if there is anything there that should not be.
Run Hijackthis to identify processes that should not be running

Dabas
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Aneesh RetnakaranDatabase AdministratorCommented:
If you click that link directly, it will give your gatewat/ ip details. Check whether there is any similarities ..
use the following link, to find who has registered that ip
http://ws.arin.net/cgi-bin/whois.pl
0
 
campinasAuthor Commented:
Dabas, I checked for such processes, but it really seems ok...
aneeshattingal, I get
SBC Internet Services SBCIS-SIS80 (NET-64-216-0-0-1)
                                  64.216.0.0 - 64.219.255.255
Rick Kitzman SBCIS-10058-213229 (NET-64-216-7-24-1)
                                  64.216.7.24 - 64.216.7.31
could this help?

0
 
Aneesh RetnakaranDatabase AdministratorCommented:
That i also got. I thought you have any connection with this, that's why i asked you to check..
0
 
campinasAuthor Commented:
I don't...
Anyway, I'd be happy to just stop my sql server from communicating, except for its local IIS; although it would be nice to figure what's going on...
0
 
Aneesh RetnakaranDatabase AdministratorCommented:
if you have a firewall installed on the server, then you can block the references to that particular ip, Also install some antivirus / antispam tools and check for the existance of any spam virus etc
0
 
campinasAuthor Commented:
interesting, IP address 64.216.7.26 resolves to mail.k4technologies.com -- what is...

right, I can block some addresses... but i'd love a safe solution so that i don't have to hunt for ip addresses...
0
 
campinasAuthor Commented:
NEW :

some sniffing of 64.216.7.26 talk revealed it is continuousely trying passwords !  Must be some kid, but anyway, is there anything one can do to block a source that tried (say) fifty passwords unsuccessfully ??
0
 
Aneesh RetnakaranDatabase AdministratorCommented:
You need to use either a firewall, or use some latest antispyware...
0
 
campinasAuthor Commented:
Thanks for you advice; it helped !
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

  • 6
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now