Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Server 2000 has excessive traffic coming out of it on port 139 and 445.

Posted on 2006-10-20
7
Medium Priority
?
244 Views
Last Modified: 2009-10-20
I have been fighting this problem all week and need some ideas.  We have a few servers that started rebooting unexpectedly 3 days ago.  I found that if all the windows updates were installed the rebooting would stop.  The problem though is that now I have a lot of traffic flooding my network.  The excess traffic is coming out on port 139 and 445 the SMB port.   I do not know why it is doing it or how to stop it.  I would turn it off but I have some files that are shared on it.  Does anybody have any ideas on what I can try?  Also, if you need any more information please ask.
0
Comment
Question by:L_P_Loudan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 6

Expert Comment

by:collins23
ID: 17775015
well that seems to be a virus problem. have you installed the latest service pack 4 ?

unplug your computers from the network and scan them individually for viruses with the latest virus updates.
0
 
LVL 8

Accepted Solution

by:
caddlady earned 1000 total points
ID: 17775254
Port 139 and 445 are notorious for being used for hacking and the lsass worm...  I would block both ports from incoming traffic on your router ASAP.
0
 
LVL 8

Expert Comment

by:caddlady
ID: 17775266
0
 
LVL 9

Assisted Solution

by:FixingStuff
FixingStuff earned 1000 total points
ID: 17776894
This seems to obvious to ask, but, do you have a firewall between your servers and the internet? Sounds like not, or it is wide open.
As caddlady mentioned, those ports are "notorious for being used for hacking and the lsass worm."
If you not sure about the firewall or if it is setup correctly, Go to WWW.GRC.COM and use ShieldsUp from each server. This does a port scan and check from outside to make sure your machine is protected.
FS-
0
 
LVL 1

Expert Comment

by:ajsultan
ID: 25616433
OK.  No Sasser or W32.Downadup on machines with the chatty 445 traffic.  Any other ideas?
0

Featured Post

Does Your Cloud Backup Use Blockchain Technology?

Blockchain technology has already revolutionized finance thanks to Bitcoin. Now it's disrupting other areas, including the realm of data protection. Learn how blockchain is now being used to authenticate backup files and keep them safe from hackers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Whoever said that “a picture is worth one thousand words” observed a fact that can dramatically affect your marketing success. Most people tend to learn visually, so many publishers commonly acknowledge the effectiveness of visual learning by using…
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Suggested Courses

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question