Solved

Server 2000 has excessive traffic coming out of it on port 139 and 445.

Posted on 2006-10-20
7
237 Views
Last Modified: 2009-10-20
I have been fighting this problem all week and need some ideas.  We have a few servers that started rebooting unexpectedly 3 days ago.  I found that if all the windows updates were installed the rebooting would stop.  The problem though is that now I have a lot of traffic flooding my network.  The excess traffic is coming out on port 139 and 445 the SMB port.   I do not know why it is doing it or how to stop it.  I would turn it off but I have some files that are shared on it.  Does anybody have any ideas on what I can try?  Also, if you need any more information please ask.
0
Comment
Question by:L_P_Loudan
7 Comments
 
LVL 6

Expert Comment

by:collins23
ID: 17775015
well that seems to be a virus problem. have you installed the latest service pack 4 ?

unplug your computers from the network and scan them individually for viruses with the latest virus updates.
0
 
LVL 8

Accepted Solution

by:
caddlady earned 250 total points
ID: 17775254
Port 139 and 445 are notorious for being used for hacking and the lsass worm...  I would block both ports from incoming traffic on your router ASAP.
0
 
LVL 8

Expert Comment

by:caddlady
ID: 17775266
0
 
LVL 9

Assisted Solution

by:FixingStuff
FixingStuff earned 250 total points
ID: 17776894
This seems to obvious to ask, but, do you have a firewall between your servers and the internet? Sounds like not, or it is wide open.
As caddlady mentioned, those ports are "notorious for being used for hacking and the lsass worm."
If you not sure about the firewall or if it is setup correctly, Go to WWW.GRC.COM and use ShieldsUp from each server. This does a port scan and check from outside to make sure your machine is protected.
FS-
0
 
LVL 1

Expert Comment

by:ajsultan
ID: 25616433
OK.  No Sasser or W32.Downadup on machines with the chatty 445 traffic.  Any other ideas?
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Remote Access to a Windows 2000 Computer 2 508
P2V Windows NT/2000 SP4 3 1,827
VMware converter for windows 2000 server SP4 4 6,146
Upgrading Windows 2000 SP4 to Windows XP SP2 5 386
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
In case you ever have to remove a faulty web part from a page , add the following to the end of the page url ?contents=1
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question