Windows Server 2008 constantly spamming external IP's on outbound TCP port 445
Posted
by RSXAdmin
on Server Fault
See other posts from Server Fault
or by RSXAdmin
Published on 2010-06-01T10:57:18Z
Indexed on
2010/06/01
11:03 UTC
Read the original article
Hit count: 250
Hi Server Fault,
I have a Windows Server 2008 box running as a Domain Controller. I have noticed in my Cisco ASA firewall logs that this box is continuously sending out (like a thousand requests a second) requests on TCP port 445 to external hosts. I have made an effort to deny this outbound traffic from getting on the internet (using the ASA), however I would like these requests to stop from even occurring at all. I have tried disabling TCP/IP over NetBIOS. I have even turned on Windows Advanced Firewall on the box itself to block outbound 445 but the ASA still detects this particular traffic hitting it. I have other DC's and similar type boxes which are not behaving the same way as this box.
Is this normal? Is there a way to stop this spamming? Have I been infected?
Thank you universe.
© Server Fault or respective owner