Why all the network activity when idle

I installed SQL Server 2000 (full) on a Win 2000 server, and another (Developer Edition) on my Win XP workstation. Both are mostly empty (just a small new database).

The problem is the SQL Server on Win 2000 server "talks" on the internet at a rate of thousands of packets per hour, back and forth. And that's while being idle. I used Port Explorer and found an IP address 64.216.7.26 that my server connects to most often, like every 1-2 seconds. As soon as I turned SQL Server off and exit, the network activity ceased.

It has SP5, I checked it for viruses and trojans, nothing. At the same time, the dev copy on Win XP is completely silent.

What could be the problem ?
campinasAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Aneesh RetnakaranDatabase AdministratorCommented:
0
campinasAuthor Commented:
Thanks, your link helped locate the IP address: Fort Worth, Texas.
Are there any settings that can keep my SQL Server from communicating outside the intranet? Its only use is as a companion to the web server...
0
DabasCommented:
Hi campinas,
You might have checked for viruses and trojans, but it looks like virus or trojan activity to me, or spyware of some sort
Some suggestions:

Try closing down your firewall for the time being, if possible, and update your virus definitions
In enterprise manager check the current jobs, the current activity, and try to find the process that is causing the problem that way.
Open up msconfig and check the startup tab to see if there is anything there that should not be.
Run Hijackthis to identify processes that should not be running

Dabas
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Aneesh RetnakaranDatabase AdministratorCommented:
If you click that link directly, it will give your gatewat/ ip details. Check whether there is any similarities ..
use the following link, to find who has registered that ip
http://ws.arin.net/cgi-bin/whois.pl
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
campinasAuthor Commented:
Dabas, I checked for such processes, but it really seems ok...
aneeshattingal, I get
SBC Internet Services SBCIS-SIS80 (NET-64-216-0-0-1)
                                  64.216.0.0 - 64.219.255.255
Rick Kitzman SBCIS-10058-213229 (NET-64-216-7-24-1)
                                  64.216.7.24 - 64.216.7.31
could this help?

0
Aneesh RetnakaranDatabase AdministratorCommented:
That i also got. I thought you have any connection with this, that's why i asked you to check..
0
campinasAuthor Commented:
I don't...
Anyway, I'd be happy to just stop my sql server from communicating, except for its local IIS; although it would be nice to figure what's going on...
0
Aneesh RetnakaranDatabase AdministratorCommented:
if you have a firewall installed on the server, then you can block the references to that particular ip, Also install some antivirus / antispam tools and check for the existance of any spam virus etc
0
campinasAuthor Commented:
interesting, IP address 64.216.7.26 resolves to mail.k4technologies.com -- what is...

right, I can block some addresses... but i'd love a safe solution so that i don't have to hunt for ip addresses...
0
campinasAuthor Commented:
NEW :

some sniffing of 64.216.7.26 talk revealed it is continuousely trying passwords !  Must be some kid, but anyway, is there anything one can do to block a source that tried (say) fifty passwords unsuccessfully ??
0
Aneesh RetnakaranDatabase AdministratorCommented:
You need to use either a firewall, or use some latest antispyware...
0
campinasAuthor Commented:
Thanks for you advice; it helped !
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft SQL Server

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.