This is our old Q&A Site. Please post any new questions and answers at


I have an issue on 2 servers where there appears to be traffic that is slowing down the internet connection considerably. Appears to be a DoS. Does anything in this log stick out? I see constant external IP's as a source, and destination as the LAN address:

Transmission Control Protocol, Src Port: ms-wbt-server (3389), Dst Port: 4935 (4935), Seq: 1, Ack: 1, Len: 0

8   0.002206   TCP 60  ms-wbt-server > 4935 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0

asked 24 Aug '11, 09:41

isilber's gravatar image

accept rate: 0%

edited 24 Aug '11, 17:53

helloworld's gravatar image


I have the same issue. Many of our servers are connection fast to outside ip's on port 3389 with source port 4935. Anyone know what this could be and how to fix it? We ran two different virusscanners, but both couldn't solve it. Our firewall crashes when I start 2 or more of these infected servers. Huge problem, can you help?

permanent link

answered 24 Aug '11, 14:00

sander's gravatar image

accept rate: 0%

Sounds like the same exact problem. I have configured our firewall to block 3389 traffic from the affected machines LAN > WAN...until i can resolve this problem.

permanent link

answered 24 Aug '11, 17:12

isilber's gravatar image

accept rate: 0%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 24 Aug '11, 09:41

question was seen: 8,519 times

last updated: 24 Aug '11, 17:53

p​o​w​e​r​e​d by O​S​Q​A