
Computer on Network sending out 1000s of packets - UNPROMPTED

Discussion in 'Networking (Hardware & Software)' started by RAMDISK, 2003/02/14.

Thread Status:
Not open for further replies.
  1. 2003/02/14
    RAMDISK

    Hello everyone,

    I have a problem at work. One of the computers here running Windows 2000 Pro is sending out 1000s of packets to random IP addresses. Aside from the incredible security risk this creates, it also takes up all of the UDP ports on our Linux DNS/mail server.
    Anybody know what may be causing this?
    We use static IP addressing over TCP/IP.

    If you need more info, I'll see what I can get you.

    Also is there a DOS command that will identify all of the processes running and show which ports they use, respectively?

    Thanks
     
    Last edited: 2003/02/14
  2. 2003/02/14
    terrafutan

    SQL SLAMMER Worm

    Sounds like the SQL worm that killed the internet on the weekend of the 24th Jan.

    From Symantec...

    The worm continuously sends traffic to randomly generated IP addresses, attempting to send itself to hosts running the Microsoft SQL Server Resolution Service, and that, therefore listens on that particular port.

    http://securityresponse.symantec.com/avcenter/venc/data/w32.sqlexp.worm.html
     


  4. 2003/02/14
    RAMDISK

    Would that affect a system not running SQL or MSDE?
     
  5. 2003/02/14
    terrafutan

    I assume so from this statement on the site.

    Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me

    It can't hurt to try the patch. That is the only thing I can think of that would send out 1000s of packets to random addresses.

    Have you restarted the affected machine at all? Apparently the Slammer never wrote anything to the hard drive, so it should be a TSR and removable by a cold boot.

    Maybe some more info on the system that's having the problem, but it sure sounds like Slammer.
     
  6. 2003/02/18
    RAMDISK

    Sounds like Slammer, looks like Slammer, but it's not Slammer.
    I ran the Symantec utility as well as the McAfee utility, but to no avail.

    I did find a program that tells me what processes are using which ports. The program is called socket port owner and is obtainable here:

    http://www.members.shaw.ca/FlyYaSoftware/

    It showed that a program called NAVSVC.exe was causing the problem. After stopping this process, the problem was solved.

    Anybody know what NAVSVC.exe is?
     
  7. 2003/02/18
    al smith

    That looks like the Norton Antivirus system services.
     
  8. 2003/02/18
    Newt

    Only mention I can find of that particular exe file points to 63.151.165.220 / www.digital-war.net - and the site seems to be unavailable right now.
     
    Newt,
    #7
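
The thread asks for a command that shows which process uses which ports, and the problem was eventually traced with a third-party tool that does that mapping. The following is an added example, not code from any poster: it does the same attribution from the text output of `netstat -ano` and `tasklist /fo csv` on Windows versions that provide them, and ranks processes by how many sockets they hold. All sample output, addresses, PIDs and image names (`suspect.exe`, `mailclient.exe`) are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample in the layout of `netstat -ano` (not data from the thread).
NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.20:1042      192.168.1.5:25         ESTABLISHED     1210
  UDP    0.0.0.0:445            *:*                                    4
  UDP    192.168.1.20:1050      *:*                                    1516
  UDP    192.168.1.20:1051      *:*                                    1516
  UDP    192.168.1.20:1052      *:*                                    1516
  UDP    192.168.1.20:1053      *:*                                    1516
"""

# Constructed sample in the layout of `tasklist /fo csv`.
TASKLIST = '''\
"Image Name","PID","Session Name","Session#","Mem Usage"
"System","4","Services","0","236 K"
"svchost.exe","884","Services","0","3,120 K"
"mailclient.exe","1210","Console","1","9,880 K"
"suspect.exe","1516","Console","1","4,012 K"
'''

def parse_netstat(text):
    """Return (proto, local_port, pid) for every TCP/UDP row."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        # Data rows start with the protocol and end with the numeric PID;
        # UDP rows have no State column, so the PID is read from the end.
        if len(f) >= 4 and f[0] in ("TCP", "UDP") and f[-1].isdigit():
            rows.append((f[0], int(f[1].rsplit(":", 1)[1]), int(f[-1])))
    return rows

def parse_tasklist(text):
    """Map PID -> image name from the CSV process list."""
    return {int(r["PID"]): r["Image Name"] for r in csv.DictReader(io.StringIO(text))}

def busiest(netstat_text, tasklist_text, proto="UDP", min_sockets=3):
    """Processes holding at least min_sockets sockets of proto, busiest first."""
    names = parse_tasklist(tasklist_text)
    counts = Counter(pid for p, _, pid in parse_netstat(netstat_text) if p == proto)
    return [(names.get(pid, "?"), pid, n) for pid, n in counts.most_common() if n >= min_sockets]

if __name__ == "__main__":
    for name, pid, n in busiest(NETSTAT, TASKLIST):
        print(f"{name} (PID {pid}) holds {n} UDP sockets")
```
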