This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Traffic slowing network

0

Hello,

I have an issue on 2 servers where there appears to be traffic that is slowing down the internet connection considerably. Appears to be a DoS. Does anything in this log stick out? I see constant external IP's as a source, and destination as the LAN address:

Transmission Control Protocol, Src Port: ms-wbt-server (3389), Dst Port: 4935 (4935), Seq: 1, Ack: 1, Len: 0

8   0.002206    217.18.199.100  10.0.1.41   TCP 60  ms-wbt-server > 4935 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0

asked 24 Aug ‘11, 09:41

isilber's gravatar image

isilber
1111
accept rate: 0%

edited 24 Aug ‘11, 17:53

helloworld's gravatar image

helloworld
3.1k42041

2 Answers:

0

I have the same issue. Many of our servers are connection fast to outside ip's on port 3389 with source port 4935. Anyone know what this could be and how to fix it? We ran two different virusscanners, but both couldn't solve it. Our firewall crashes when I start 2 or more of these infected servers. Huge problem, can you help?

answered 24 Aug '11, 14:00

sander's gravatar image

sander
1
accept rate: 0%

0

Sounds like the same exact problem. I have configured our firewall to block 3389 traffic from the affected machines LAN > WAN...until i can resolve this problem.

answered 24 Aug '11, 17:12

isilber's gravatar image

isilber
1111
accept rate: 0%