Re: Epmap Connection Problem



1. The problem is still here after I changed the machine's DNS server;
2. The machine has SP2 and the firewall is on;
3. The port number that connects to the server's epmap port is protean.

"Savage" <Savage@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:CDE4C6E0-3F18-4E33-B7D1-4E6C40B530B5@xxxxxxxxxxxxxxxx
> I can only offer my theory, but is it possible you may have a network
> protocol on your machine trying to obtain an IP address?
>
> Or possibly an application trying to resolve a host name via the DNS
> server?
>
> Typically if one machine starts misbehaving, I'd look at malware.
> Possibly install a local firewall, the likes of SP2 or third party like
> ZoneAlarm etc.
> This might pinch off unwanted network traffic, you can configure the
> Windows firewall to log successful connections and dropped packets.
>
> See what you can find...
> --
> ________
> NIC
> ----------
> Savage
> ________
>
>
> "Charms Zhou" wrote:
>
>> There is one PC (Windows XP installed) that always tries to establish an
>> epmap connection with our DNS/DHCP/VPN server (Windows 2000 Server
>> installed). I used the command "netstat -ab" to see the result below. I
>> found this connection is established by Windows system services. I don't
>> understand what happened and why.
>>
>>
>>
>>
>>
>> C:\Documents and Settings\czhang>netstat -ab
>>
>>
>>
>> Active Connections
>>
>>
>>
>> Proto Local Address Foreign Address State
>> PID
>>
>> TCP christinezhang:epmap christinezhang.actuate.com:0 LISTENING
>> 952
>>
>> c:\windows\system32\WS2_32.dll
>>
>> C:\WINDOWS\system32\RPCRT4.dll
>>
>> c:\windows\system32\rpcss.dll
>>
>> C:\WINDOWS\system32\svchost.exe
>>
>> C:\WINDOWS\system32\ADVAPI32.dll
>>
>> [svchost.exe]
>>
>>
>>
>> TCP christinezhang:microsoft-ds christinezhang.actuate.com:0
>> LISTENING 4
>>
>> [System]
>>
>>
>>
>> TCP christinezhang:5225 christinezhang.actuate.com:0 LISTENING
>> 904
>>
>> [javaw.exe]
>>
>>
>>
>> TCP christinezhang:5226 christinezhang.actuate.com:0 LISTENING
>> 904
>>
>> [javaw.exe]
>>
>>
>>
>> TCP christinezhang:8008 christinezhang.actuate.com:0 LISTENING
>> 904
>>
>> [javaw.exe]
>>
>>
>>
>> TCP christinezhang:1046 christinezhang.actuate.com:0 LISTENING
>> 2684
>>
>> [alg.exe]
>>
>>
>>
>> TCP christinezhang:8005 christinezhang.actuate.com:0 LISTENING
>> 904
>>
>> [javaw.exe]
>>
>>
>>
>> TCP christinezhang:netbios-ssn christinezhang.actuate.com:0
>> LISTENING
>> 4
>>
>> [System]
>>
>>
>>
>> TCP christinezhang:1063 christinezhang.actuate.com:5226
>> ESTABLISHED
>> 1896
>>
>> [StatusClient.exe]
>>
>>
>>
>> TCP christinezhang:5226 christinezhang.actuate.com:1063
>> ESTABLISHED
>> 904
>>
>> [javaw.exe]
>>
>>
>>
>> TCP christinezhang:1056 baym-cs65.msgr.hotmail.com:1863
>> ESTABLISHED
>> 2000
>>
>> [msnmsgr.exe]
>>
>>
>>
>> TCP christinezhang:1344 baym-sb24.msgr.hotmail.com:1863
>> ESTABLISHED
>> 2000
>>
>> [msnmsgr.exe]
>>
>>
>>
>> TCP christinezhang:1348 207.68.178.61:http ESTABLISHED
>> 2000
>>
>> [msnmsgr.exe]
>>
>>
>>
>> TCP christinezhang:1350 207.68.178.61:http ESTABLISHED
>> 2000
>>
>> [msnmsgr.exe]
>>
>>
>>
>> TCP christinezhang:1352 192.168.218.145:netbios-ssn ESTABLISHED
>> 4
>>
>> [System]
>>
>>
>>
>> TCP christinezhang:1353 shanghai.actuate.com:epmap ESTABLISHED
>> 952
>>
>> c:\windows\system32\WS2_32.dll
>>
>> C:\WINDOWS\system32\RPCRT4.dll
>>
>> c:\windows\system32\rpcss.dll
>>
>> [svchost.exe]
>>
>>
>>
>> TCP christinezhang:1318 shanghai.actuate.com:epmap TIME_WAIT
>> 0
>>
>> TCP christinezhang:1319 shanghai.actuate.com:microsoft-ds
>> TIME_WAIT
>>
>> 0
>>
>> TCP christinezhang:1321 shanghai.actuate.com:epmap TIME_WAIT
>> 0
>>
>> TCP christinezhang:1322 shanghai.actuate.com:microsoft-ds
>> TIME_WAIT
>>
>> 0
>>
>> TCP christinezhang:1324 shanghai.actuate.com:epmap TIME_WAIT
>> 0
>>
>> TCP christinezhang:1341 shanghai.actuate.com:microsoft-ds
>> TIME_WAIT
>>
>> 0
>>
>> TCP christinezhang:1343 shanghai.actuate.com:epmap TIME_WAIT
>> 0
>>
>> TCP christinezhang:1345 shanghai.actuate.com:microsoft-ds
>> TIME_WAIT
>>
>> 0
>>
>> TCP christinezhang:1347 shanghai.actuate.com:epmap TIME_WAIT
>> 0
>>
>> UDP christinezhang:microsoft-ds *:*
>> 4
>>
>> [System]
>>
>>
>>
>> UDP christinezhang:1349 *:*
>> 1172
>>
>> C:\WINDOWS\system32\mswsock.dll
>>
>> c:\windows\system32\WS2_32.dll
>>
>> c:\windows\system32\DNSAPI.dll
>>
>> c:\windows\system32\dnsrslvr.dll
>>
>> C:\WINDOWS\system32\RPCRT4.dll
>>
>> [svchost.exe]
>>
>>
>>
>> UDP christinezhang:isakmp *:*
>> 708
>>
>> [lsass.exe]
>>
>>
>>
>> UDP christinezhang:4500 *:*
>> 708
>>
>> [lsass.exe]
>>
>>
>>
>> UDP christinezhang:1027 *:*
>> 1172
>>
>> C:\WINDOWS\system32\mswsock.dll
>>
>> c:\windows\system32\WS2_32.dll
>>
>> c:\windows\system32\DNSAPI.dll
>>
>> c:\windows\system32\dnsrslvr.dll
>>
>> C:\WINDOWS\system32\RPCRT4.dll
>>
>> [svchost.exe]
>>
>>
>>
>> UDP christinezhang:ntp *:*
>> 1048
>>
>> c:\windows\system32\WS2_32.dll
>>
>> c:\windows\system32\w32time.dll
>>
>> ntdll.dll
>>
>> C:\WINDOWS\system32\kernel32.dll
>>
>> [svchost.exe]
>>
>>
>>
>> UDP christinezhang:1222 *:*
>> 1928
>>
>> C:\WINDOWS\system32\WS2_32.dll
>>
>> C:\WINDOWS\system32\WININET.dll
>>
>> C:\WINDOWS\system32\kernel32.dll
>>
>> [rundll32.exe]
>>
>>
>>
>> UDP christinezhang:1066 *:*
>> 2000
>>
>> [msnmsgr.exe]
>>
>>
>>
>> UDP christinezhang:1900 *:*
>> 1216
>>
>> c:\windows\system32\WS2_32.dll
>>
>> c:\windows\system32\ssdpsrv.dll
>>
>> C:\WINDOWS\system32\ADVAPI32.dll
>>
>> C:\WINDOWS\system32\kernel32.dll
>>
>> [svchost.exe]
>>
>>
>>
>> UDP christinezhang:netbios-ns *:*
>> 4
>>
>> [System]
>>
>>
>>
>> UDP christinezhang:1900 *:*
>> 1216
>>
>> c:\windows\system32\WS2_32.dll
>>
>> c:\windows\system32\ssdpsrv.dll
>>
>> C:\WINDOWS\system32\ADVAPI32.dll
>>
>> C:\WINDOWS\system32\kernel32.dll
>>
>> [svchost.exe]
>>
>>
>>
>> UDP christinezhang:netbios-dgm *:*
>> 4
>>
>> [System]
>>
>>
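An added example, not written by any poster in this thread: a Python parser for `netstat -ab` output in the layout quoted above. It separates connections this host opened from ones it accepted, counts them per remote host and service, and names the process that owns live connections to a remote epmap (TCP 135) port. The sample capture and its host names are constructed.

```python
import re
from collections import Counter

# Constructed sample in the layout of XP's `netstat -ab`; hosts are placeholders.
SAMPLE = r"""Active Connections
  Proto  Local Address     Foreign Address                State        PID
  TCP    ws01:5226         ws01.example.test:0            LISTENING    904
  [javaw.exe]
  TCP    ws01:5226         ws01.example.test:1063         ESTABLISHED  904
  [javaw.exe]
  TCP    ws01:1353         srv.example.test:epmap         ESTABLISHED  952
  c:\windows\system32\rpcss.dll
  [svchost.exe]
  TCP    ws01:1318         srv.example.test:epmap         TIME_WAIT    0
  TCP    ws01:1319         srv.example.test:microsoft-ds  TIME_WAIT    0
  TCP    ws01:1321         srv.example.test:epmap         TIME_WAIT    0
  UDP    ws01:netbios-ns   *:*                                         4
  [System]
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\S+)\s+(\S+):(\S+)\s+(\S+)\s+(\d+)\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")
KEYS = ("lhost", "lport", "rhost", "rport", "state", "pid")

def parse_tcp(text):
    """Parse TCP rows; the [image] line after a row names its owning process."""
    rows, current = [], None
    for line in text.splitlines():
        m, o = ROW.match(line), OWNER.match(line)
        if m:
            current = dict(zip(KEYS, m.groups()), owner=None)
            rows.append(current)
        elif line.lstrip().startswith("UDP"):
            current = None          # do not give a UDP owner to the last TCP row
        elif o and current is not None:
            current["owner"] = o.group(1)
            current = None
    return rows

def outbound(rows):  # keep rows whose local port is not one this host listens on
    listening = {r["lport"] for r in rows if r["state"] == "LISTENING"}
    return [r for r in rows if r["state"] != "LISTENING" and r["lport"] not in listening]

def summarize(text):
    rows = outbound(parse_tcp(text))
    per_service = Counter((r["rhost"], r["rport"]) for r in rows)
    rpc_owners = sorted({(r["owner"], r["pid"]) for r in rows
                         if r["rport"] in ("epmap", "135") and r["owner"]})
    return per_service, rpc_owners
```

Counting TIME_WAIT rows together with ESTABLISHED ones shows how often the connection is being reopened, which a list of live sessions alone does not.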

