Re: Network problems
From: Miha Pihler (mihap-news_at_atlantis.si)
Date: 08/01/04
- Next message: Miha Pihler: "Re: Is there a way of importing multiple users?"
- Previous message: anonymous_at_discussions.microsoft.com: "Re: VPN won`t connect"
- In reply to: August Startz: "Re: Network problems"
- Next in thread: August Startz: "Re: Network problems"
- Reply: August Startz: "Re: Network problems"
- Messages sorted by: [ date ] [ thread ]
Date: Sun, 1 Aug 2004 14:53:01 +0200
Hi,
if destination port is SMTP then your server is sending out e-mail -- like
it should since it is Exchange server. Check your Exchange queues if there
is anything unusual in there (something that would suggest an open relay).
By default Exchange will relay any message from authenticated users
connecting to SMTP service. You might want to change that if one of users
account has become compromised. Also check status of incoming SMTP
(connections). You can do in Exchange Manager...
Do you have an application firewall that could act as SMTP relay, before
message gets to Exchange server if you will need higher protection of your
Exchange server?
Mike
"August Startz" <AugustStartz@discussions.microsoft.com> wrote in message
news:C845A793-B927-4173-801D-639798D91390@microsoft.com...
> The service was just called System. The destation Port is SMTP
>
> "Miha Pihler" wrote:
>
> > What service is it? Is it SMTP? What is destination TCP port?
> >
> > Mike
> >
> > "August Startz" <AugustStartz@discussions.microsoft.com> wrote in
message
> > news:D34EAEE6-ED3A-4BFC-9162-E24E4358C68E@microsoft.com...
> > > Thanks,
> > >
> > > I am using TCP View and I am seeing a lot of SYN_SENT messages. Teh
> > process is always SYSTEM:* but the IP are all diffrent. Any ideas?
> > >
> > > Thanks
> > >
> > > August
> > >
> > > "Miha Pihler" wrote:
> > >
> > > > Hi August,
> > > >
> > > > You can take TCP View from www.sysinternals.com. It is a free
download.
> > Once
> > > > you start it up, it will show you what service is connected to what
> > TCP/UDP
> > > > port, is connected to what destination address and is generating
> > traffic.
> > > >
> > > > My question would be, if you stop Exchange services, does this
unusual
> > > > traffic also stops? Do you have all the latest updates for Windows
2000?
> > > >
> > > > When installing AV software on Exchange server, make sure to exclude
> > > > Exchange and IIS directories from scanning!
> > > >
> > > > Exchange and Antivirus Software
> > > > http://support.microsoft.com/default.aspx?kbid=328841
> > > >
> > > > I hope this helps,
> > > >
> > > > Mike
> > > >
> > > > "August Startz" <August Startz@discussions.microsoft.com> wrote in
> > message
> > > > news:78A548DA-CEC3-46CE-A1A5-16BB424CE15C@microsoft.com...
> > > > > On one of our Windows 2000 servers we are having a big problem
with it
> > > > sending out Thousands of TCP packets every second and flooding the
> > network.
> > > > >
> > > > > This server, also our exchange server, has been running fine for
about
> > 18
> > > > months, then all of a sudden this started. Once we reboot it it
will
> > run
> > > > for anywhere between 45 minutes and 8 hours before it starts again.
> > > > >
> > > > > I have ran virus scan, nothing was found, I installed the network
> > cards,
> > > > but that did not help. I have looked at netstat when this is
happening
> > but
> > > > nothing looks out of order. Does any one have any ideas?
> > > >
> > > >
> > > >
> >
> >
> >
- Next message: Miha Pihler: "Re: Is there a way of importing multiple users?"
- Previous message: anonymous_at_discussions.microsoft.com: "Re: VPN won`t connect"
- In reply to: August Startz: "Re: Network problems"
- Next in thread: August Startz: "Re: Network problems"
- Reply: August Startz: "Re: Network problems"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
