Solved

Server 2000 has excessive traffic coming out of it on port 139 and 445.

Posted on 2006-10-20
7
236 Views
Last Modified: 2009-10-20
I have been fighting this problem all week and need some ideas.  We have a few servers that started rebooting unexpectedly 3 days ago.  I found that if all the windows updates were installed the rebooting would stop.  The problem though is that now I have a lot of traffic flooding my network.  The excess traffic is coming out on port 139 and 445 the SMB port.   I do not know why it is doing it or how to stop it.  I would turn it off but I have some files that are shared on it.  Does anybody have any ideas on what I can try?  Also, if you need any more information please ask.
0
Comment
Question by:L_P_Loudan
7 Comments
 
LVL 6

Expert Comment

by:collins23
ID: 17775015
well that seems to be a virus problem. have you installed the latest service pack 4 ?

unplug your computers from the network and scan them individually for viruses with the latest virus updates.
0
 
LVL 8

Accepted Solution

by:
caddlady earned 250 total points
ID: 17775254
Port 139 and 445 are notorious for being used for hacking and the lsass worm...  I would block both ports from incoming traffic on your router ASAP.
0
 
LVL 8

Expert Comment

by:caddlady
ID: 17775266
0
 
LVL 9

Assisted Solution

by:FixingStuff
FixingStuff earned 250 total points
ID: 17776894
This seems to obvious to ask, but, do you have a firewall between your servers and the internet? Sounds like not, or it is wide open.
As caddlady mentioned, those ports are "notorious for being used for hacking and the lsass worm."
If you not sure about the firewall or if it is setup correctly, Go to WWW.GRC.COM and use ShieldsUp from each server. This does a port scan and check from outside to make sure your machine is protected.
FS-
0
 
LVL 1

Expert Comment

by:ajsultan
ID: 25616433
OK.  No Sasser or W32.Downadup on machines with the chatty 445 traffic.  Any other ideas?
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
HeapQueryInformation could not be located 1 900
IP Addresses List On Network 8 287
Auto kill system process when exceeding 80% CPU in windows 2000 8 214
windows explorer 21 176
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question