Strange Client Behavior: Port 8002 Looking for Other Ports

Guest
Archived from groups: microsoft.public.win2000.security,microsoft.public.win2000.networking

I have strange symptoms on a Windows 2000 client. For long
periods each day, this client, which is behind Microsoft Proxy
2.0, stops access to the Internet. In the sniffer trace, what
I see is repetitive behavior where the client will send out TCP
connections from source port 8002 to successive ports on our DNS
server. It appears to attempt connection to each port three
times, and then it goes on to the next one. 1937, 1938, 1939,
etc.

This sure looks like some kind of port sniffing activity, maybe a
virus, but does anyone recognize the source port number and
behavior as belonging to some legitimate Windows 2000 client
behavior?

--
Will
Internet: westes at earthbroadcast.com
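
The pattern described in the post above (one fixed source port, successive destination ports, a few connection attempts per port) can be checked mechanically in an exported trace. This is an added example, not part of the original thread; the one-line-per-packet text format, the addresses and the function name `find_sequential_probes` are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample trace; the one-line-per-packet format is an assumption.
SAMPLE_TRACE = """\
10:00:00 192.0.2.10:8002 -> 192.0.2.53:1937 SYN
10:00:03 192.0.2.10:8002 -> 192.0.2.53:1937 SYN
10:00:09 192.0.2.10:8002 -> 192.0.2.53:1937 SYN
10:00:21 192.0.2.10:8002 -> 192.0.2.53:1938 SYN
10:00:24 192.0.2.10:8002 -> 192.0.2.53:1938 SYN
10:00:30 192.0.2.10:8002 -> 192.0.2.53:1938 SYN
10:00:42 192.0.2.10:8002 -> 192.0.2.53:1939 SYN
10:00:45 192.0.2.10:8002 -> 192.0.2.53:1939 SYN
10:00:51 192.0.2.10:8002 -> 192.0.2.53:1939 SYN
10:01:00 192.0.2.11:1045 -> 192.0.2.53:53 SYN
10:01:00 192.0.2.53:53 -> 192.0.2.11:1045 SYN-ACK
"""

LINE_RE = re.compile(
    r"^\S+\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<flags>\S+)$"
)

def find_sequential_probes(trace, min_ports=3):
    """Flag (src, sport, dst) flows whose bare SYNs walk consecutive ports."""
    attempts = defaultdict(dict)  # flow -> {dport: SYN count}, first-seen order
    for line in trace.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["flags"] != "SYN":
            continue  # ignore replies, data packets and unparseable lines
        flow = (m["src"], int(m["sport"]), m["dst"])
        dport = int(m["dport"])
        attempts[flow][dport] = attempts[flow].get(dport, 0) + 1
    findings = []
    for (src, sport, dst), ports in attempts.items():
        seen = list(ports)
        stepwise = all(b - a == 1 for a, b in zip(seen, seen[1:]))
        if len(seen) >= min_ports and stepwise:
            findings.append({
                "src": src, "sport": sport, "dst": dst,
                "first_port": seen[0], "last_port": seen[-1],
                "tries_per_port": sorted(set(ports.values())),
            })
    return findings

if __name__ == "__main__":
    for f in find_sequential_probes(SAMPLE_TRACE):
        print(f)
```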
 
Guest

I do not have a -o option on my netstat under Windows 2000 SP4.

--
Will
Internet: westes at earthbroadcast.com
 
Guest

I'm sorry, it has been quite a while since I used Netstat on Windows
2000, my apologies.

Perhaps you will find Sysinternals' TCPView of assistance then. It is a
GUI utility that shows details about TCP and UDP endpoints including
processes' image names.

You can download it for free here.

http://www.sysinternals.com/ntw2k/source/tcpview.shtml

Will wrote:
> I do not have a -o option on my netstat under Windows 2000 SP4.
>