Windows Server 2008 constantly spamming external IP's on outbound TCP port 445

Posted by RSXAdmin on Server Fault See other posts from Server Fault or by RSXAdmin
Published on 2010-06-01T10:57:18Z Indexed on 2010/06/01 11:03 UTC
Read the original article Hit count: 246

Filed under:

windows-server-2003

|

windows-server-2008

|

firewall

|

tcp

|

ports

Hi Server Fault,

I have a Windows Server 2008 box running as a Domain Controller. I have noticed in my Cisco ASA firewall logs that this box is continuously sending out (like a thousand requests a second) requests on TCP port 445 to external hosts. I have made an effort to deny this outbound traffic from getting on the internet (using the ASA), however I would like these requests to stop from even occurring at all. I have tried disabling TCP/IP over NetBIOS. I have even turned on Windows Advanced Firewall on the box itself to block outbound 445 but the ASA still detects this particular traffic hitting it. I have other DC's and similar type boxes which are not behaving the same way as this box.
Is this normal? Is there a way to stop this spamming? Have I been infected?

Thank you universe.

© Server Fault or respective owner

Related posts about windows-server-2003

Rotate monitor to portrait on Windows Server 2003 with ATI card

as seen on Super User - Search for 'Super User'
Does anyone know if it is possible to rotate a monitor from landscape to portrait mode on Windows Server 2003 32-bit with an ATI video card? According to Dell's site, I should be able to rotate my Dell P2310H monitor by installing drivers from their website, but they don't have drivers for Windows… >>> More
Windows Server 2003 Trial Activation Issue

as seen on Server Fault - Search for 'Server Fault'
I have a Windows Server 2003 (R2 Enterprise with SP2) VM, originally installed with a trial license. We forgot about the server, and now more than 120 days has passed, and I can't do anything with the server. I seem to be at a dead end with the existing installation. When I log in, I get: The… >>> More
Windows Server 2003 can't see Vista machine

as seen on Server Fault - Search for 'Server Fault'
Hi there, I've got a real PITA problem that I'm sure has a really simple solution. I have a Windows Server 2003 machine that needs to be able to see the network name of a Vista box - but refuses to. It can see the Vista box (and even access its shared folder) if I enter the Vista box's IP address… >>> More
Windows server 2003 default administrator password

as seen on Stack Overflow - Search for 'Stack Overflow'
Sorry if this is an overly simplistic question, but I'm a bit stuck here. :) I need a windows machine for me to do some programming for class. Since I have my Macbook with me everywhere I go, I figured that it would be easiest to install a vm. And since I can get a copy of Windows server 2k3 for… >>> More
Windows Server 2003 - Handling hundreds of simultaneous downloads

as seen on Server Fault - Search for 'Server Fault'
At the moment I have a single server with 4 1TB hard disks, daily I haver over 150 MP3 music files uploaded (around 80mb each). At busy periods there is over 300 people streaming / downloading these mixes all at once, 75% of the activity is on the most recently uploaded stuff which is all on a single… >>> More

Related posts about windows-server-2008

Password policy problem windows server 2008

as seen on Server Fault - Search for 'Server Fault'
Hi, I'm creating a domain and I need to make users that can have an empty password but administrators have to comply with password complexity how to I solve this problem? Thanks in advance >>> More
SAP DCOM Connector on Windows Server 2008

as seen on Stack Overflow - Search for 'Stack Overflow'
Does anybody know, if it is possible to use the "old" SAP DCOM Connector on a Windows Server 2008 ? I want to migrate a old ASP Web Solution with DCOM Connection to SAP from Windows 2000 Server to Windows 2008 Server. When I try to install the DCOM Connector I get the Error Message: "Setup could… >>> More
Windows Server 2008 R2: AD Module for Windows PowerShell

as seen on Internet.com - Search for 'Internet.com'
Windows Server 2008 R2 includes a new Active Directory module for Windows PowerShell, a consolidated group of 76 cmdlets that can perform a host of tasks against Active Directory's various services. >>> More
Windows Server 2008 Directory Services, Group Policy Preferences - More Control Panel Settings

as seen on Internet.com - Search for 'Internet.com'
In Windows Server 2008, Group Policy Preferences makes it possible to reap the chief benefits of an Active Directory environment by simplifying client management. Control Panel Settings nodes in the Group Policy Management Editor makes this possible. >>> More
Windows Server 2008 R2: Introducing the AD Administrative Center

as seen on Internet.com - Search for 'Internet.com'
The Active Directory Administrative Center in Windows Server 2008 R2 is a significant improvement over its predecessor. Although not without limitations, it offers beefed-up management of AD objects, new navigation capabilities, better task-based management options, and improvements to the properties… >>> More