Balack
asked on
Syn sent issue
One of my Windows 2003 server was found busy sending network traffic. When I type "netstat -na" in the command prompt, I get the following reply as stated:
TCP 192.168.1.13:5571 205.2.184.34:445 SYN_SENT
TCP 192.168.1.13:5572 211.77.0.3:445 SYN_SENT
TCP 192.168.1.13:5573 211.104.181.42:445 SYN_SENT
TCP 192.168.1.13:5574 205.55.17.38:445 SYN_SENT
TCP 192.168.1.13:5575 211.57.199.74:445 SYN_SENT
TCP 192.168.1.13:5576 205.58.147.105:445 SYN_SENT
TCP 192.168.1.13:5577 210.101.136.86:445 SYN_SENT
TCP 192.168.1.13:5578 203.101.212.36:445 SYN_SENT
TCP 192.168.1.13:5579 211.43.76.50:445 SYN_SENT
TCP 192.168.1.13:5580 205.124.164.55:445 SYN_SENT
TCP 192.168.1.13:5581 205.57.237.88:445 SYN_SENT
TCP 192.168.1.13:5582 205.62.115.122:445 SYN_SENT
TCP 192.168.1.13:5583 210.81.71.50:445 SYN_SENT
TCP 192.168.1.13:5584 203.111.228.10:445 SYN_SENT
TCP 192.168.1.13:5585 210.94.143.74:445 SYN_SENT
TCP 192.168.1.13:5586 205.110.144.75:445 SYN_SENT
TCP 192.168.1.13:5587 205.84.17.101:445 SYN_SENT
TCP 192.168.1.13:5588 205.127.72.19:445 SYN_SENT
TCP 192.168.1.13:5589 205.107.196.13:445 SYN_SENT
TCP 192.168.1.13:5590 205.36.139.7:445 SYN_SENT
TCP 192.168.1.13:5591 205.72.157.29:445 SYN_SENT
TCP 192.168.1.13:5592 205.98.31.110:445 SYN_SENT
TCP 192.168.1.13:5593 210.94.180.90:445 SYN_SENT
TCP 192.168.1.13:5594 203.4.28.99:445 SYN_SENT
TCP 192.168.1.13:5595 211.81.153.62:445 SYN_SENT
TCP 192.168.1.13:5596 210.100.18.69:445 SYN_SENT
TCP 192.168.1.13:5597 211.73.67.25:445 SYN_SENT
TCP 192.168.1.13:5598 210.118.189.48:445 SYN_SENT
TCP 192.168.1.13:5599 210.40.158.37:445 SYN_SENT
TCP 192.168.1.13:5600 205.73.248.95:445 SYN_SENT
TCP 192.168.1.13:5601 210.48.45.60:445 SYN_SENT
TCP 192.168.1.13:5602 210.29.211.76:445 SYN_SENT
It looks like my server is targeting at port 445. I ran virus scan, spybolt, but so far, nothing found.
Any suggestion is appreciated!
TCP 192.168.1.13:5571 205.2.184.34:445 SYN_SENT
TCP 192.168.1.13:5572 211.77.0.3:445 SYN_SENT
TCP 192.168.1.13:5573 211.104.181.42:445 SYN_SENT
TCP 192.168.1.13:5574 205.55.17.38:445 SYN_SENT
TCP 192.168.1.13:5575 211.57.199.74:445 SYN_SENT
TCP 192.168.1.13:5576 205.58.147.105:445 SYN_SENT
TCP 192.168.1.13:5577 210.101.136.86:445 SYN_SENT
TCP 192.168.1.13:5578 203.101.212.36:445 SYN_SENT
TCP 192.168.1.13:5579 211.43.76.50:445 SYN_SENT
TCP 192.168.1.13:5580 205.124.164.55:445 SYN_SENT
TCP 192.168.1.13:5581 205.57.237.88:445 SYN_SENT
TCP 192.168.1.13:5582 205.62.115.122:445 SYN_SENT
TCP 192.168.1.13:5583 210.81.71.50:445 SYN_SENT
TCP 192.168.1.13:5584 203.111.228.10:445 SYN_SENT
TCP 192.168.1.13:5585 210.94.143.74:445 SYN_SENT
TCP 192.168.1.13:5586 205.110.144.75:445 SYN_SENT
TCP 192.168.1.13:5587 205.84.17.101:445 SYN_SENT
TCP 192.168.1.13:5588 205.127.72.19:445 SYN_SENT
TCP 192.168.1.13:5589 205.107.196.13:445 SYN_SENT
TCP 192.168.1.13:5590 205.36.139.7:445 SYN_SENT
TCP 192.168.1.13:5591 205.72.157.29:445 SYN_SENT
TCP 192.168.1.13:5592 205.98.31.110:445 SYN_SENT
TCP 192.168.1.13:5593 210.94.180.90:445 SYN_SENT
TCP 192.168.1.13:5594 203.4.28.99:445 SYN_SENT
TCP 192.168.1.13:5595 211.81.153.62:445 SYN_SENT
TCP 192.168.1.13:5596 210.100.18.69:445 SYN_SENT
TCP 192.168.1.13:5597 211.73.67.25:445 SYN_SENT
TCP 192.168.1.13:5598 210.118.189.48:445 SYN_SENT
TCP 192.168.1.13:5599 210.40.158.37:445 SYN_SENT
TCP 192.168.1.13:5600 205.73.248.95:445 SYN_SENT
TCP 192.168.1.13:5601 210.48.45.60:445 SYN_SENT
TCP 192.168.1.13:5602 210.29.211.76:445 SYN_SENT
It looks like my server is targeting at port 445. I ran virus scan, spybolt, but so far, nothing found.
Any suggestion is appreciated!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER