Windows Server 2008 constantly spamming external IP's on outbound TCP port 445

Posted by RSXAdmin on Server Fault See other posts from Server Fault or by RSXAdmin
Published on 2010-06-01T10:57:18Z Indexed on 2010/06/01 11:03 UTC
Read the original article Hit count: 250

Hi Server Fault,

I have a Windows Server 2008 box running as a Domain Controller. I have noticed in my Cisco ASA firewall logs that this box is continuously sending out (like a thousand requests a second) requests on TCP port 445 to external hosts. I have made an effort to deny this outbound traffic from getting on the internet (using the ASA), however I would like these requests to stop from even occurring at all. I have tried disabling TCP/IP over NetBIOS. I have even turned on Windows Advanced Firewall on the box itself to block outbound 445 but the ASA still detects this particular traffic hitting it. I have other DC's and similar type boxes which are not behaving the same way as this box.
Is this normal? Is there a way to stop this spamming? Have I been infected?

Thank you universe.

© Server Fault or respective owner

Related posts about windows-server-2003

Related posts about windows-server-2008