XP - Explorer.exe causing random traffic on TCP port 445

RangerWWC

I work for a small technology company that supports a LAN
and Internet connection for a college apartment complex.
We're running 2 Red Hat servers that serve as our firewall,
DHCP, & NAT server. I have found a handful of XP (Pro &
Home) machines that for some reason will flood the network
with tons of traffic on TCP port 445. This flooding pretty
much brings down the network. The obvious problem you'd
think is a virus, spyware, or malware. The three machines
I have looked at had no virus (scanned with Norton and
AVG), at least it didn't have a virus when I got to the
machine. I also got all the spyware, malware, p2p, and
anything else looking suspicious cleaned off. Still all 3
machines were spitting out tons of traffic on TCP port 445.
I installed SP2 on all 3 machines. That fixed 2 of them.
The third machine is why I am coming to you all. Please
note that SP2 did slow down the traffic coming from port
445. I went from 50, 60, 70 TCP sessions to about 10
sessions. I dug a little deeper and found that it was
Explorer.exe initiating the TCP sessions and sending
packets out on port 445. I used the netstat command to
gather that information. I used a third party firewall to
stop the traffic but that's not really fixing the obvious
problem I have with Explorer.exe. I noticed that
explorer.exe has bloated to about 40 MB in the system
process list. So does anyone have any thoughts?
 
RangerWWC

FYI - it ended up being a new variant of the W32.Korgo
virus - the variant is AB (W32.Korgo.AB). Symantec was one
of the first to get a fix for it - their definitions dated
Sept 28 2004 should fix it.

Happy Virus hunting............
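
The netstat check described in the first post can be automated. The following is an added example, not code from the thread: it parses saved `netstat -ano` output and counts, per owning PID, the TCP sessions the host has opened to remote port 445. The sample output, the function names and the `min_peers` threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample of `netstat -ano` output (addresses and PIDs are made up).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    10.0.0.23:1041         10.0.0.87:445          SYN_SENT        1508
  TCP    10.0.0.23:1042         10.0.0.88:445          SYN_SENT        1508
  TCP    10.0.0.23:1043         10.0.0.89:445          SYN_SENT        1508
  TCP    10.0.0.23:1044         10.0.0.90:445          ESTABLISHED     1508
  TCP    10.0.0.23:1050         10.0.0.5:445           ESTABLISHED     4
  TCP    10.0.0.23:1060         192.0.2.10:80          ESTABLISHED     2204
  UDP    0.0.0.0:445            *:*                                    4
"""

def outbound_smb_by_pid(netstat_text, port=445):
    """Return {pid: {"sessions": n, "peers": set_of_remote_ips}} for TCP rows
    whose foreign port is `port`, i.e. connections this host initiated."""
    stats = defaultdict(lambda: {"sessions": 0, "peers": set()})
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have exactly five columns; headers and UDP rows do not.
        if len(fields) != 5 or fields[0] != "TCP":
            continue
        _proto, _local, foreign, state, pid = fields
        if state == "LISTENING" or not pid.isdigit():
            continue
        remote_ip, _, remote_port = foreign.rpartition(":")
        if remote_port == str(port):
            entry = stats[int(pid)]
            entry["sessions"] += 1
            entry["peers"].add(remote_ip)
    return dict(stats)

def suspicious(stats, min_peers=3):
    """PIDs talking to many distinct hosts on the port. The threshold is an
    assumption; a normal client reaches only a few file servers."""
    return sorted(pid for pid, s in stats.items() if len(s["peers"]) >= min_peers)

if __name__ == "__main__":
    for pid, s in outbound_smb_by_pid(SAMPLE).items():
        print(pid, s["sessions"], "sessions to", len(s["peers"]), "hosts")
    print("investigate PIDs:", suspicious(outbound_smb_by_pid(SAMPLE)))
```

A flagged PID is then matched against the process list; sessions stuck in `SYN_SENT` toward many different addresses point to scanning rather than normal file sharing.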
 
