Server 2000 has excessive traffic coming out of it on port 139 and 445.

I have been fighting this problem all week and need some ideas. We have a few servers that started rebooting unexpectedly 3 days ago. I found that if all the Windows updates were installed, the rebooting would stop. The problem, though, is that now I have a lot of traffic flooding my network. The excess traffic is coming out on ports 139 and 445, the SMB ports. I do not know why it is doing it or how to stop it. I would turn it off, but I have some files that are shared on it. Does anybody have any ideas on what I can try? Also, if you need any more information, please ask.
L_P_Loudan Asked:
 
caddlady Commented:
Port 139 and 445 are notorious for being used for hacking and the lsass worm...  I would block both ports from incoming traffic on your router ASAP.
0
 
collins23 Commented:
Well, that seems to be a virus problem. Have you installed the latest Service Pack 4?

Unplug your computers from the network and scan them individually for viruses with the latest virus updates.
0
 
Dean Chafee, IT/InfoSec Manager, Commented:
This seems too obvious to ask, but do you have a firewall between your servers and the internet? Sounds like not, or it is wide open.
As caddlady mentioned, those ports are "notorious for being used for hacking and the lsass worm."
If you are not sure about the firewall or if it is set up correctly, go to WWW.GRC.COM and use ShieldsUp from each server. This does a port scan and check from outside to make sure your machine is protected.
FS-
0
 
ajsultan Commented:
OK. No Sasser or W32.Downadup on machines with the chatty 445 traffic. Any other ideas?
0
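An added triage example for the symptom discussed in this thread, not posted by any participant: it reads saved `netstat -an` output and separates connections the server itself opens to other hosts on ports 139/445 from clients connecting to its own shares. The sample output is constructed, and the function names and thresholds are assumptions.

```python
import re
from collections import defaultdict

SMB_PORTS = {139, 445}

# Constructed sample in the layout printed by `netstat -an` on Windows.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    10.0.0.5:445           10.0.0.21:1187         ESTABLISHED
  TCP    10.0.0.5:3012          10.0.0.9:445           ESTABLISHED
  TCP    10.0.0.5:3050          10.0.14.1:445          SYN_SENT
  TCP    10.0.0.5:3051          10.0.14.2:445          SYN_SENT
  TCP    10.0.0.5:3052          10.0.14.3:445          SYN_SENT
  TCP    10.0.0.5:3053          10.0.14.4:139          SYN_SENT
  UDP    10.0.0.5:137           *:*
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")

def summarize_outbound_smb(netstat_text):
    """Count outbound SMB connections: foreign port 139/445, local port not SMB."""
    hosts = set()
    states = defaultdict(int)
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, UDP rows, blank lines
        _local_ip, local_port, remote_ip, remote_port, state = m.groups()
        # Inbound share access has the SMB port on the local side; skip it.
        if int(remote_port) in SMB_PORTS and int(local_port) not in SMB_PORTS:
            hosts.add(remote_ip)
            states[state] += 1
    return {"distinct_hosts": len(hosts), "states": dict(states)}

def looks_like_scanning(summary, min_hosts=3, min_half_open_ratio=0.5):
    """Heuristic (thresholds are assumptions): many targets, mostly unanswered SYNs."""
    total = sum(summary["states"].values())
    if total == 0:
        return False
    half_open = summary["states"].get("SYN_SENT", 0)
    return (summary["distinct_hosts"] >= min_hosts
            and half_open / total >= min_half_open_ratio)

if __name__ == "__main__":
    s = summarize_outbound_smb(SAMPLE)
    print(s, "scanning-like:", looks_like_scanning(s))
```

A few ESTABLISHED outbound sessions to known file servers are ordinary client traffic; a growing set of distinct destinations stuck in SYN_SENT is the pattern that warrants isolating the host before further scanning.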
Question has a verified solution.
