
Forum Replies Created

  • in reply to: SpamAssassin for Win32 as a Service #346017

    Re: SpamAssassin for Win32 as a Service

    i’ve found the solution
    here
    thanks

    in reply to: naive networking question #346016

    Re: naive networking question

    internal range for desktops is as follows

    192.168.xx.xxx
    Netmask: 255.255.252.0 = 22
    HostMin: 192.168.52.1
    HostMax: 192.168.55.254

    in reply to: naive networking question #346015

    Re: naive networking question

    after all its not a naive question
    anyways
    i telnet to that host on 23 it seems to be a switch or a router or even Vlan interface in a remote site also it seems to be located on ISP place or Phone Company
    Thanks for your tips

    in reply to: naive networking question #346014

    Re: naive networking question

    for now just an RDP connection

    in reply to: New network for campus – which #346013

    Re: New network for campus – which manufacturer?

    3Com is a good company but we have some bottleneck with some switches

    in reply to: naive networking question #346012

    Re: naive networking question

    i’ve found something strange very strange

    i ran tracert from home to my server in work ( web server whose assigned a real static ipv4 address ) i’m an ADSL user at home

    the result as follows

    [CODE]
    C:>tracert -d 193.227.xxx.xxx #my web server at work
    Tracing route to 193.227.19.7 over a maximum of 30 hops
    1 <1 ms <1 ms <1 ms 192.168.1.1 #my adsl router virtual IP
    2 51 ms 49 ms 51 ms 196.46.xxx.xxx #isp 1st gateway after my router
    3 70 ms 68 ms 63 ms 196.46.xxx.xxx
    4 62 ms 68 ms 62 ms 196.46.xxx.xx
    5 77 ms 75 ms 67 ms 62.140.xxx.xxx
    6 210 ms 101 ms 124 ms 81.21.xxx.xxx
    7 * * * Request timed out. #those hosts seem to be
    8 * * * Request timed out. # assigned virtual IPs
    9 * * * Request timed out. # please see next tracert
    10 * * * Request timed out.
    11 * * * Request timed out.
    12 * * * Request timed out.
    13 * * * Request timed out.
    14 * * * Request timed out.
    15 81 ms 76 ms 168 ms 193.227.xxx.xxx #reached destination my web server at work
    Trace complete.
    [/CODE]

    i ran tracert from web server in my work to my adsl router i noticed the following
    please note real ip assigned to my adsl router starting with 41.224.xxx.xxx
    the IP 192.168.1.1 is the internal IP address
    please don’t confuse

    [CODE]
    C:>tracert -d 41.224.xxx.xxx
    Tracing route to 41.224.xxx.xxx
    over a maximum of 30 hops:
    1 <1 ms <1 ms <1 ms 10.10.10.10 #virtual IPs
    2 <1 ms <1 ms <1 ms 10.181.90.5 #those not responding when
    3 87 ms * * 172.22.90.101 #i ran tracert from home to my server
    4 28 ms 72 ms 25 ms 172.22.3.101 #please refer to the above tracert result
    5 99 ms 124 ms 84 ms 172.22.1.101
    6 87 ms 91 ms 91 ms 172.17.6.101
    7 6 ms 5 ms 6 ms 81.21.xxx.xxx
    8 97 ms 92 ms 91 ms 62.140.xxx.xxx
    9 94 ms 89 ms 83 ms 196.46.xxx.xxx #my isp network
    10 95 ms 101 ms 102 ms 196.46.xxx.xxx
    11 77 ms 226 ms 178 ms 41.224.xxx.xxx #my adsl router ip address
    Trace complete.
    C:>

    [/CODE]

    i figured out now what was responding to my ping requests
    if you see the following tracert output
    when i ran tracert from web server to the following ip 172.16.1.2 while the database server is off whose also internal IP address is 172.16.1.2

    [CODE]
    C:>tracert -d 172.16.1.2
    Tracing route to 172.16.1.2 over a maximum of 30 hops
    1 <1 ms <1 ms <1 ms 10.10.10.10 #if you notice
    2 <1 ms <1 ms <1 ms 10.181.90.5 #you will see those IPs are identical with the
    3 85 ms 83 ms 91 ms 172.22.90.101 #above tracert result
    4 61 ms 34 ms 96 ms 172.22.3.101
    5 87 ms 78 ms 84 ms 172.22.1.101
    6 52 ms 48 ms 89 ms 172.16.1.2
    Trace complete.
    [/CODE]

    if you compare both tracert output you will notice similar hosts
    the question now how come to route through internet via private IPs
    is it possible

    i’m confused

    in reply to: naive networking question #346011

    Re: naive networking question

    no it doesn’t conflict with any ip on the network
    because both internal NIC’s ( db server is configured with only 1 nic connected directly with web server through UTP cable ) are connected directly
    just an ip address and subnetmask entries
    no default gateway nor DNS
    i have no network diagram
    there are no host assigned an IP starting with 172.16. on our network
    please note both servers db and web server are connected directly
    there’s no default gateway on both internal NIC server so internal NIC cannot forward traffic to any subnet
    in my humble opinion there’s no need to poweroff each machine to determine IP addresses assigned to host that is causing the conflict
    a better way is to run an ip scanner range
    yes i agree with you we are going to push for DHCP
    but it needs some time because we have a mixture of networks LAN and WAN

    wullieb1;171571 wrote:
    Does the DB server give you a IP Address conflict when powered on???

    Do you have a network map?? If you don’t then you’re in trouble lol.

    Probably the easiest and quickest method to do this is to turn off all machines that you have onsite then turn them on one by one.

    Not a quick and easy fix i’m afraid.

    Now would be a good time to push for DHCP on your network. Much easier to manage and document than statics.

    in reply to: naive networking question #346010

    Re: naive networking question

    biggles 77 i posted again
    any idea
    thanks

    in reply to: naive networking question #346009

    Re: naive networking question

    yes i agree with you DHCP is far superior than static IPs
    yes we bring our laptops but i think its not laptops or usual (PCs – workstations -servers ) hosts
    i think its an active component of network equipments ( switch – router ) or even a Vlan interface
    i asked network admin multiple times about this host , but it seems he doesn’t know what it is because a third party company built this network
    what do you suggest i do to determine what the host is

    and we have no wi-fi connection in our site

    biggles77;171061 wrote:
    You will need to check each machine manually to find the rogue IP (and this is why DHCP is oh so much more superior than static IPs). Strange that it is not showing up as a clash when you boot the SQL server.

    The ping reply times made me think that you may have had a VPN or similar connection to another office as they are so much slower than when the SQL is running.

    What else is running on your network? Any users bring in laptops or smartphones? Any wireless devices or routers you have forgotten about?

    Anyone got any ideas?

    in reply to: naive networking question #346008

    Re: naive networking question

    we have no DHCP all ips are assigned manually
    if server it responds as follows
    C:> ping -a 172.16.1.2
    Pinging DataBaseServer [172.16.1.2] with 32 bytes of data:
    Reply from 172.16.1.2: bytes=32 time<1ms TTL=128
    Reply from 172.16.1.2: bytes=32 time<1ms TTL=128
    Reply from 172.16.1.2: bytes=32 time<1ms TTL=128
    Reply from 172.16.1.2: bytes=32 time<1ms TTL=128
    Ping statistics for 172.16.1.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
    if it’s not up the reply as the following

    C:>ping -a 172.16.1.2
    Pinging 172.16.1.2 with 32 bytes of data:
    Reply from 172.16.1.2: bytes=32 time=80ms TTL=57
    Reply from 172.16.1.2: bytes=32 time=14ms TTL=57
    Reply from 172.16.1.2: bytes=32 time=79ms TTL=57
    Reply from 172.16.1.2: bytes=32 time=29ms TTL=57
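
Added example, not part of the original post: the two captures above differ in TTL (128 at under 1 ms, 57 at 14 to 80 ms), which is what separates the directly cabled server from some other device answering for the same address. The sketch below parses Windows `ping` output and compares the two; it assumes replies start from one of the common initial TTLs 64, 128 or 255, which is a heuristic, and the function names are this example's own.

```python
import re

# The two captures quoted from the post above (same command, same target address).
PING_DB_ON = """\
Pinging DataBaseServer [172.16.1.2] with 32 bytes of data:
Reply from 172.16.1.2: bytes=32 time<1ms TTL=128
Reply from 172.16.1.2: bytes=32 time<1ms TTL=128
Reply from 172.16.1.2: bytes=32 time<1ms TTL=128
Reply from 172.16.1.2: bytes=32 time<1ms TTL=128
"""
PING_DB_OFF = """\
Pinging 172.16.1.2 with 32 bytes of data:
Reply from 172.16.1.2: bytes=32 time=80ms TTL=57
Reply from 172.16.1.2: bytes=32 time=14ms TTL=57
Reply from 172.16.1.2: bytes=32 time=79ms TTL=57
Reply from 172.16.1.2: bytes=32 time=29ms TTL=57
"""

REPLY = re.compile(
    r"Reply from (?P<src>[0-9.]+): bytes=\d+ "
    r"time(?P<cmp>[=<])(?P<ms>\d+)ms TTL=(?P<ttl>\d+)"
)
COMMON_INITIAL_TTLS = (64, 128, 255)  # assumption: typical OS/device defaults


def parse_replies(text):
    """Return one dict per 'Reply from' line; 'time<1ms' is kept as an upper bound of 1."""
    return [
        {"src": m["src"], "ms": int(m["ms"]), "ttl": int(m["ttl"])}
        for m in REPLY.finditer(text)
    ]


def infer_initial_ttl(observed):
    """Smallest common initial TTL that is not below the observed value."""
    return min(t for t in COMMON_INITIAL_TTLS if t >= observed)


def fingerprint(text):
    """Summarise who answered: (initial TTL, routers crossed on the way back) per reply."""
    replies = parse_replies(text)
    if not replies:
        return None
    profiles = sorted(
        {(infer_initial_ttl(r["ttl"]), infer_initial_ttl(r["ttl"]) - r["ttl"])
         for r in replies}
    )
    return {
        "sources": sorted({r["src"] for r in replies}),
        "profiles": profiles,
        "max_rtt_ms": max(r["ms"] for r in replies),
        # More than one profile inside a single capture means two devices
        # are answering for the same address at the same time.
        "mixed": len(profiles) > 1,
    }


def same_responder(a, b):
    """True only when both captures show the same TTL profile."""
    return a is not None and b is not None and a["profiles"] == b["profiles"]


if __name__ == "__main__":
    on, off = fingerprint(PING_DB_ON), fingerprint(PING_DB_OFF)
    print("server powered on :", on)
    print("server powered off:", off)
    print("same device answering:", same_responder(on, off))
```

A profile of (128, 0) is a host on the same link; (64, 7) is a device with a different default TTL whose replies crossed about seven routers, so it cannot be the machine on the crossover cable.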

    in reply to: naive networking question #346007

    Re: naive networking question

    no each NIC on both server has only 1 different ip address assigned
    and we have no vpn connections to remote sites

    in reply to: naive networking question #346006

    Re: naive networking question

    A1
    this is the output when pinging database server from application server
    please note that database server is powered on

    [CODE]
    C:> ping -a 172.16.1.2
    Pinging DataBaseServer [172.16.1.2] with 32 bytes of data:
    Reply from 172.16.1.2: bytes=32 time<1ms TTL=128
    Reply from 172.16.1.2: bytes=32 time<1ms TTL=128
    Reply from 172.16.1.2: bytes=32 time<1ms TTL=128
    Reply from 172.16.1.2: bytes=32 time<1ms TTL=128
    Ping statistics for 172.16.1.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
    [/CODE]

    this is the output when pinging database server from application server
    please note database server is powered off
    [CODE]
    C:>ping -a 172.16.1.2
    Pinging 172.16.1.2 with 32 bytes of data:
    Reply from 172.16.1.2: bytes=32 time=80ms TTL=57
    Reply from 172.16.1.2: bytes=32 time=14ms TTL=57
    Reply from 172.16.1.2: bytes=32 time=79ms TTL=57
    Reply from 172.16.1.2: bytes=32 time=29ms TTL=57

    [/CODE]

    A2
    both servers have no DNS records

    A3
    we have no DC just stand alone servers and hosts

    i haven’t modified hosts file
    what do you mean by “Do any of the dual homed Servers have the 172.16.1.2 IP added to more than the 1 NIC? 30th June 2009 19:45”

    in reply to: naive networking question #346005

    Re: naive networking question

    here is the output of ipconfig/all on the server exposed to the internet which has real static ip address
    please note ipv6 is installed on nic but its void

    [CODE]
    Microsoft Windows [Version 6.0.6001]
    Copyright (c) 2006 Microsoft Corporation. All rights reserved.

    C:>ipconfig/ALL

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : APPSRV
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . :

    Ethernet adapter Internal:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
    VBD Client) #2
    Physical Address. . . . . . . . . : 00-1E-xx-xx-xx-xx
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::14d8:7ef5:d579:df5b%11(Preferred)
    IPv4 Address. . . . . . . . . . . : 172.16.1.1(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.0.0
    Default Gateway . . . . . . . . . :
    DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
    fec0:0:0:ffff::2%1
    fec0:0:0:ffff::3%1
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter External:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
    VBD Client)
    Physical Address. . . . . . . . . : 00-1E-xx-xx-xx-xx
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    IPv4 Address. . . . . . . . . . . : 193.227.xxx.xxx(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.224
    Default Gateway . . . . . . . . . : 193.230.xxx.xxx
    DNS Servers . . . . . . . . . . . : 193.230.xxx.xxx
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter Local Area Connection* 8:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : isatap
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 9:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : isatap.{E6D976AF-2BC2-41B5-951B-697C174E6
    149}
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 11:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft 6to4 Adapter
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    IPv6 Address. . . . . . . . . . . : 2002:c1e3:1304::c1e3:1304(Preferred)
    Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
    DNS Servers . . . . . . . . . . . : 193.230.xxx.xxx
    NetBIOS over Tcpip. . . . . . . . : Disabled

    C:>
    [/CODE]

    here’s the output of second server database server
    please note the other NIC is disabled
    both database server connected to application server through cat6 UTP cable directly ( 2nd NIC on db server to 2nd NIC on application server )

    [CODE]Microsoft Windows [Version 6.0.6001]
    Copyright (c) 2006 Microsoft Corporation. All rights reserved.

    C:>ipconfig/all

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : DataBaseServer
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No

    Ethernet adapter Local Area Connection 2:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
    VBD Client) #2
    Physical Address. . . . . . . . . : 00-1E-xx-xx-xx-xx
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::9dec:79a4:718f:b9ea%11(Preferred)
    IPv4 Address. . . . . . . . . . . : 172.16.1.2(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.0.0
    Default Gateway . . . . . . . . . :
    DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
    fec0:0:0:ffff::2%1
    fec0:0:0:ffff::3%1
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter Local Area Connection* 9:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : isatap.{785AF28F-EE3A-4558-9BCD-B0D7BFE05
    D5A}
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    C:>
    [/CODE]

    in reply to: naive networking question #346004

    Re: naive networking question

    Garen;170392 wrote:
    Please make sure that’s just a typo in your post.

    yes indeed it’s a typo
    correct ip =172.16.1.2
    i’ll post a diagram asap

    in reply to: naive networking question #346003

    Re: naive networking question

    gurus of networking any ideas
    i’m stuck with this issue

    Re: How can i enable WOL on Power Edge 2900 III Tower system

    you are welcome

    Re: How can i enable WOL on Power Edge 2900 III Tower system

    I found a solution IPMI is a good choice
    ipmitool.exe -I lan -U user -P password -H ipaddr power on

    or

    ipmitool.exe -I lan -U user -P password -H ipaddr chassis power on

    IPMITool for Windows

    http://www.symantec.com/connect/sites/default/files/ipmitool.zip

    in reply to: wired SYN_SENT flood #346000

    Re: wired SYN_SENT flood

    Thanks Joe

    joeqwerty;165964 wrote:
    I knew it was some type of malware. Glad you got it fixed. Now on to bigger and better things. :-)

    in reply to: wired SYN_SENT flood #345999

    Re: wired SYN_SENT flood

    the sysadmin who told me its conficker was certainly right but its not PERL
    yes indeed he was right from the very first beginning
    it was conficker
    have a look here
    link#1
    link#2
    link#3
    link#4
    link#5
    before i ran W32.Downadup Removal Tool i followed the instruction i’m able to reach anti viruses website and get updates
    after i ran Symantec W32.Downadup Removal Tool SYN_SENT flood stopped completely
    my problem is fixed now
    thanks joe
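
Added example, not part of the original post: the symptom reported in this thread is one PID holding many half-open (`SYN_SENT`) connections to port 445 on unrelated addresses. The sketch below finds that pattern in `netstat -ano` text and names the owning process from `tasklist /svc`; the sample inputs are constructed (documentation address ranges, process rows modelled on the thread), and the function names and the threshold of 5 targets are this example's own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of `netstat -ano` output (documentation address ranges).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address      Foreign Address      State        PID
  TCP    0.0.0.0:135        0.0.0.0:0            LISTENING    780
  TCP    192.0.2.10:80      198.51.100.7:45010   TIME_WAIT    0
  TCP    192.0.2.10:3389    198.51.100.20:3853   ESTABLISHED  3292
  TCP    192.0.2.10:2146    203.0.113.3:445      FIN_WAIT_1   892
  TCP    192.0.2.10:3386    203.0.113.71:445     SYN_SENT     892
  TCP    192.0.2.10:3387    198.51.100.45:445    SYN_SENT     892
  TCP    192.0.2.10:3388    203.0.113.74:445     SYN_SENT     892
  TCP    192.0.2.10:3390    198.51.100.93:445    SYN_SENT     892
  TCP    192.0.2.10:3391    203.0.113.9:445      SYN_SENT     892
  TCP    192.0.2.10:3392    198.51.100.10:445    SYN_SENT     892
  TCP    192.0.2.10:3393    198.51.100.200:443   SYN_SENT     4144
  UDP    0.0.0.0:445        *:*                               4
"""

# Constructed sample of `tasklist /svc` output, including a wrapped service list.
SAMPLE_TASKLIST = """\
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
lsass.exe                      560 HTTPFilter, PolicyAgent, ProtectedStorage,
                                   SamSs
svchost.exe                    780 RpcSs
svchost.exe                    892 AeLookupSvc, winmgmt
w3wp.exe                      4144 N/A
"""

TCP_ROW = re.compile(
    r"^\s*TCP\s+(?P<local>\S+)\s+(?P<remote>\S+)\s+"
    r"(?P<state>[A-Z][A-Z0-9_]*)\s+(?P<pid>\d+)\s*$"
)
TASK_ROW = re.compile(r"^(?P<image>\S.*?)\s+(?P<pid>\d+)\s+(?P<services>\S.*)$")


def parse_netstat(text):
    """Return one dict per TCP row; UDP rows and headers are skipped."""
    rows = []
    for line in text.splitlines():
        m = TCP_ROW.match(line)
        if m:
            host, _, port = m["remote"].rpartition(":")
            rows.append({"remote_host": host.strip("[]"), "remote_port": int(port),
                         "state": m["state"], "pid": int(m["pid"])})
    return rows


def split_services(field):
    return [s.strip() for s in field.split(",") if s.strip() and s.strip() != "N/A"]


def parse_tasklist(text):
    """Map PID -> image name and services, joining wrapped continuation lines."""
    procs, last = {}, None
    for line in text.splitlines():
        m = TASK_ROW.match(line)
        if m:
            last = int(m["pid"])
            procs[last] = {"image": m["image"], "services": split_services(m["services"])}
        elif line[:1].isspace() and line.strip() and last is not None:
            procs[last]["services"] += split_services(line)
    return procs


def find_scanners(rows, port=445, min_targets=5, states=("SYN_SENT",)):
    """PIDs with half-open connections to `port` on at least `min_targets` distinct hosts."""
    targets = defaultdict(set)
    for r in rows:
        if r["remote_port"] == port and r["state"] in states:
            targets[r["pid"]].add(r["remote_host"])
    return {pid: sorted(h) for pid, h in targets.items() if len(h) >= min_targets}


def attribute(scanners, procs):
    """Join flagged PIDs with the process table for the incident note."""
    unknown = {"image": "<unknown>", "services": []}
    return [{"pid": pid, "targets": len(hosts), **procs.get(pid, unknown)}
            for pid, hosts in sorted(scanners.items())]


if __name__ == "__main__":
    hits = find_scanners(parse_netstat(SAMPLE_NETSTAT))
    for finding in attribute(hits, parse_tasklist(SAMPLE_TASKLIST)):
        print(finding)
```

A hit on a shared `svchost.exe` only names the host process, so the listed services are the next thing to check.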

    in reply to: wired SYN_SENT flood #345998

    Re: wired SYN_SENT flood

    Hey Joe
    have a look here

    in reply to: wired SYN_SENT flood #345997

    Re: weird SYN_SENT flood

    Thanks Joe
    okay i’ll try this when i’m on site and post here again

    in reply to: wired SYN_SENT flood #345996

    Re: wired SYN_SENT flood

    an addition
    how amazing discovery the server became very responsive after stopping services as much as i can and the web server still running smoothly

    but SYN_SENT flood still exists
    please note that svchost.exe still has the PID 892 and just running 2 services
    AeLookupSvc Application Experience Lookup Service and winmgmt Windows Management Instrumentation
    here’s the output of
    #tasklist /svc

    Image Name PID Services
    ========================= ======== ============================================
    System Idle Process 0 N/A
    System 4 N/A
    smss.exe 424 N/A
    csrss.exe 472 N/A
    winlogon.exe 500 N/A
    services.exe 548 Eventlog, PlugPlay
    lsass.exe 560 HTTPFilter, PolicyAgent, ProtectedStorage,
    SamSs
    svchost.exe 716 DcomLaunch
    svchost.exe 780 RpcSs
    svchost.exe 868 Dnscache
    svchost.exe 892 AeLookupSvc, winmgmt
    msdtc.exe 992 MSDTC
    dllhost.exe 1148 Acronis VSS Provider
    schedul2.exe 1168 AcrSch2Svc
    dsm_sa_eventmgr32.exe 1300 dcevt32
    dsm_sa_datamgr32.exe 1316 dcstor32
    mr2kserv.exe 1448 mr2kserv
    dsm_om_shrsvc32.exe 1524 omsad
    dsm_om_connsvc32.exe 2088 Server Administrator
    svchost.exe 2176 W32Time
    svchost.exe 3292 TermService
    wmiprvse.exe 3952 N/A
    explorer.exe 4412 N/A
    TrueImageMonitor.exe 4584 N/A
    TimounterMonitor.exe 4592 N/A
    schedhlp.exe 4600 N/A
    jusched.exe 4640 N/A
    csrss.exe 684 N/A
    winlogon.exe 5776 N/A
    rdpclip.exe 4992 N/A
    ctfmon.exe 4128 N/A
    explorer.exe 6016 N/A
    TrueImageMonitor.exe 4324 N/A
    TimounterMonitor.exe 4272 N/A
    schedhlp.exe 620 N/A
    ClamTray.exe 4900 N/A
    jusched.exe 828 N/A
    Serv-U-Tray.exe 4340 N/A
    ApacheMonitor.exe 4380 N/A
    oobechk.exe 4180 N/A
    mshta.exe 1908 N/A
    taskmgr.exe 5084 N/A
    rdpclip.exe 1596 N/A
    taskmgr.exe 696 N/A
    inetinfo.exe 640 IISADMIN
    svchost.exe 5216 W3SVC
    w3wp.exe 4144 N/A
    w3wp.exe 3464 N/A
    w3wp.exe 5764 N/A
    procexp.exe 5368 N/A
    mmc.exe 1472 N/A
    cmd.exe 5780 N/A
    notepad.exe 3876 N/A
    w3wp.exe 2172 N/A
    wmiprvse.exe 2716 N/A
    csrss.exe 4068 N/A
    winlogon.exe 5284 N/A
    tasklist.exe 4200 N/A

    and the output of netstat -ano

    #netstat -ano

    Active Connections

    Proto Local Address Foreign Address State PID
    TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 780
    TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
    TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING 992
    TCP 0.0.0.0:1045 0.0.0.0:0 LISTENING 560
    TCP 0.0.0.0:1311 0.0.0.0:0 LISTENING 2088
    TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 3292
    TCP 0.0.0.0:7854 0.0.0.0:0 LISTENING 892
    TCP 127.0.0.1:80 0.0.0.0:0 LISTENING 4
    TCP xxx.xxx.xxx.xxx:80 0.0.0.0:0 LISTENING 4
    TCP xxx.xxx.xxx.xxx:80 66.249.66.227:45010 TIME_WAIT 0
    TCP xxx.xxx.xxx.xxx:135 xxx.xxx.xxx.xxx:3432 ESTABLISHED 780
    TCP xxx.xxx.xxx.xxx:139 0.0.0.0:0 LISTENING 4
    TCP xxx.xxx.xxx.xxx:1089 119.31.50.64:445 FIN_WAIT_1 892
    TCP xxx.xxx.xxx.xxx:2136 87.45.81.20:445 TIME_WAIT 0
    TCP xxx.xxx.xxx.xxx:2146 193.74.228.3:445 FIN_WAIT_1 892
    TCP xxx.xxx.xxx.xxx:2786 86.108.15.65:445 TIME_WAIT 0
    TCP xxx.xxx.xxx.xxx:3126 88.80.224.61:445 FIN_WAIT_1 892
    TCP xxx.xxx.xxx.xxx:3386 62.60.214.71:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3387 39.92.154.45:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3388 136.119.202.74:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3389 41.223.54.202:3853 ESTABLISHED 3292
    TCP xxx.xxx.xxx.xxx:3390 38.122.68.93:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3391 22.16.243.9:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3392 35.39.172.10:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3393 221.51.199.85:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3394 31.109.39.40:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3395 61.114.109.100:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3396 175.60.77.118:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3397 71.21.239.5:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3398 52.100.174.6:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3399 58.12.224.63:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3400 223.56.99.103:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3401 53.9.20.73:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3402 102.58.138.103:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3403 47.36.28.34:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3404 123.17.237.104:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3405 207.11.133.49:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3406 105.25.218.119:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3408 19.126.230.6:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3409 44.52.22.48:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3410 158.46.58.54:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3411 192.61.145.34:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3412 221.59.186.54:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3413 33.40.160.33:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3414 57.48.151.127:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3415 88.117.93.42:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3416 223.124.248.119:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3417 103.59.91.120:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3418 45.47.35.33:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3419 12.35.30.2:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3420 148.26.158.74:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3421 17.68.64.107:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3422 188.56.12.25:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3423 77.104.22.94:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3424 150.121.254.82:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3425 52.110.163.29:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3426 163.113.89.23:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3427 53.38.206.65:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3428 222.12.7.60:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3429 76.43.144.72:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3430 50.54.4.111:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3431 174.28.153.14:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3432 xxx.xxx.xxx.xxx:135 ESTABLISHED 1908
    TCP xxx.xxx.xxx.xxx:3433 104.111.122.23:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3434 186.85.60.36:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3435 99.74.252.8:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3436 113.87.73.21:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3437 155.7.55.125:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3438 130.127.119.57:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3439 215.124.24.11:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3440 162.52.84.60:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3441 221.53.24.47:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3528 88.80.224.107:445 FIN_WAIT_1 892
    UDP 0.0.0.0:445 *:* 4
    UDP 0.0.0.0:500 *:* 560
    UDP 0.0.0.0:4500 *:* 560
    UDP 127.0.0.1:123 *:* 2176
    UDP xxx.xxx.xxx.xxx:123 *:* 2176
    UDP xxx.xxx.xxx.xxx:123 *:* 2176
    UDP xxx.xxx.xxx.xxx:137 *:* 4
    UDP xxx.xxx.xxx.xxx:138 *:* 4

    in reply to: wired SYN_SENT flood #345995

    Re: wired SYN_SENT flood

    I kept stopping services as much as I can; some become unstoppable

    #tasklist /svc

    Image Name PID Services
    ========================= ======== ============================================
    System Idle Process 0 N/A
    System 4 N/A
    smss.exe 424 N/A
    csrss.exe 472 N/A
    winlogon.exe 500 N/A
    services.exe 548 Eventlog, PlugPlay
    lsass.exe 560 HTTPFilter, PolicyAgent, ProtectedStorage,
    SamSs
    svchost.exe 716 DcomLaunch
    svchost.exe 780 RpcSs
    svchost.exe 868 Dnscache
    svchost.exe 892 AeLookupSvc, EventSystem, winmgmt

    and the SYN_SENT flood still exists with the same output. It seems the svchost instance with PID 892 now has just 3 services, which become unstoppable:
    svchost.exe 892 AeLookupSvc, EventSystem, winmgmt
    I waited a few minutes to capture the netstat -ano output, which again is the same; nothing happened

    here’s the output of netstat -ano

    #netstat -ano

    Active Connections

    Proto Local Address Foreign Address State PID
    TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 780
    TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
    TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING 992
    TCP 0.0.0.0:1045 0.0.0.0:0 LISTENING 560
    TCP 0.0.0.0:1311 0.0.0.0:0 LISTENING 2088
    TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 3292
    TCP 0.0.0.0:7854 0.0.0.0:0 LISTENING 892
    TCP 127.0.0.1:80 0.0.0.0:0 LISTENING 4
    TCP xxx.xxx.xxx.xxx:80 0.0.0.0:0 LISTENING 4
    TCP xxx.xxx.xxx.xxx:80 41.205.112.228:29945 TIME_WAIT 0
    TCP xxx.xxx.xxx.xxx:80 41.205.112.228:29946 ESTABLISHED 4
    TCP xxx.xxx.xxx.xxx:80 66.249.66.227:58574 TIME_WAIT 0
    TCP xxx.xxx.xxx.xxx:135 xxx.xxx.xxx.xxx:3432 ESTABLISHED 780
    TCP xxx.xxx.xxx.xxx:139 0.0.0.0:0 LISTENING 4
    TCP xxx.xxx.xxx.xxx:2146 193.74.228.3:445 FIN_WAIT_1 892
    TCP xxx.xxx.xxx.xxx:2607 117.19.57.62:445 TIME_WAIT 0
    TCP xxx.xxx.xxx.xxx:3126 88.80.224.61:445 FIN_WAIT_1 892
    TCP xxx.xxx.xxx.xxx:3389 41.223.54.202:3853 ESTABLISHED 3292
    TCP xxx.xxx.xxx.xxx:3432 xxx.xxx.xxx.xxx:135 ESTABLISHED 1908
    TCP xxx.xxx.xxx.xxx:3528 88.80.224.107:445 FIN_WAIT_1 892
    TCP xxx.xxx.xxx.xxx:3547 186.100.247.19:445 TIME_WAIT 0
    TCP xxx.xxx.xxx.xxx:4265 39.48.221.8:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4266 174.115.14.113:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4267 71.13.230.70:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4268 65.81.202.97:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4269 222.45.41.53:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4270 156.114.107.65:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4271 94.35.54.33:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4272 40.95.130.5:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4273 61.125.54.53:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4274 223.30.121.61:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4275 115.15.18.24:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4276 199.6.47.15:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4277 16.13.200.22:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4278 160.89.146.82:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4279 37.62.43.22:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4280 109.11.56.20:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4281 134.66.68.16:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4282 156.42.141.61:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4283 169.49.227.22:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4284 163.45.218.92:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4285 19.90.81.17:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4286 123.48.166.57:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4287 163.37.52.43:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4288 174.3.197.20:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4289 163.69.16.53:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4290 14.95.24.12:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4291 88.61.126.116:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4292 178.71.69.32:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4293 136.81.25.53:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4294 191.52.185.110:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4295 76.6.230.80:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4296 222.24.106.103:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4297 27.113.173.88:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4298 147.110.91.68:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4299 125.44.172.96:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4300 216.22.18.6:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4301 28.105.179.16:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4302 204.28.242.5:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4303 22.111.184.86:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4304 140.32.253.102:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4305 182.30.141.37:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4306 180.107.216.23:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4307 155.84.179.71:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4308 11.120.214.67:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4309 78.17.49.45:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4310 112.119.166.93:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4311 136.33.9.56:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:4312 94.74.200.49:445 SYN_SENT 892
    UDP 0.0.0.0:445 *:* 4
    UDP 0.0.0.0:500 *:* 560
    UDP 0.0.0.0:4500 *:* 560
    UDP 127.0.0.1:123 *:* 2176
    UDP xxx.xxx.xxx.xxx:123 *:* 2176
    UDP xxx.xxx.xxx.xxx:123 *:* 2176
    UDP xxx.xxx.xxx.xxx:137 *:* 4
    UDP xxx.xxx.xxx.xxx:138 *:* 4

    if I stop winmgmt, which is essential for the system, it will become unstable and I may lose connectivity with the server
    AeLookupSvc (Application Experience Lookup Service) becomes unstoppable

    any ideas?

    in reply to: wired SYN_SENT flood #345994

    Re: wired SYN_SENT flood

    This is the current output of netstat -ano
    PID belongs to svchost.exe
    svchost.exe 892 AeLookupSvc, CryptSvc, dmserver,
    EventSystem, helpsvc, HidServ,
    lanmanserver, lanmanworkstation, Netman,
    Nla, Schedule, seclogon, SENS,
    SharedAccess, ShellHWDetection, TrkWks,
    winmgmt
    #netstat -ano

    Active Connections

    Proto Local Address Foreign Address State PID
    TCP 0.0.0.0:21 0.0.0.0:0 LISTENING 1928
    TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 780
    TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
    TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING 992
    TCP 0.0.0.0:1045 0.0.0.0:0 LISTENING 560
    TCP 0.0.0.0:1311 0.0.0.0:0 LISTENING 2088
    TCP 0.0.0.0:3306 0.0.0.0:0 LISTENING 1496
    TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 3292
    TCP 0.0.0.0:7854 0.0.0.0:0 LISTENING 892
    TCP 127.0.0.1:25 0.0.0.0:0 LISTENING 2152
    TCP 127.0.0.1:80 0.0.0.0:0 LISTENING 4
    TCP 127.0.0.1:110 0.0.0.0:0 LISTENING 2152
    TCP 127.0.0.1:143 0.0.0.0:0 LISTENING 2152
    TCP 127.0.0.1:1050 0.0.0.0:0 LISTENING 3340
    TCP 127.0.0.1:1842 127.0.0.1:3306 TIME_WAIT 0
    TCP 127.0.0.1:2484 127.0.0.1:3306 ESTABLISHED 3464
    TCP 127.0.0.1:3306 127.0.0.1:2484 ESTABLISHED 1496
    TCP 127.0.0.1:3306 127.0.0.1:3888 ESTABLISHED 1496
    TCP 127.0.0.1:3306 127.0.0.1:3889 ESTABLISHED 1496
    TCP 127.0.0.1:3306 127.0.0.1:3890 ESTABLISHED 1496
    TCP 127.0.0.1:3306 127.0.0.1:3891 ESTABLISHED 1496
    TCP 127.0.0.1:3306 127.0.0.1:3892 ESTABLISHED 1496
    TCP 127.0.0.1:3888 127.0.0.1:3306 ESTABLISHED 2152
    TCP 127.0.0.1:3889 127.0.0.1:3306 ESTABLISHED 2152
    TCP 127.0.0.1:3890 127.0.0.1:3306 ESTABLISHED 2152
    TCP 127.0.0.1:3891 127.0.0.1:3306 ESTABLISHED 2152
    TCP 127.0.0.1:3892 127.0.0.1:3306 ESTABLISHED 2152
    TCP 127.0.0.1:4747 127.0.0.1:3306 TIME_WAIT 0
    TCP 127.0.0.1:43958 0.0.0.0:0 LISTENING 1928
    TCP xxx.xxx.xxx.xxx:80 0.0.0.0:0 LISTENING 1268
    TCP xxx.xxx.xxx.xxx:25 0.0.0.0:0 LISTENING 2152
    TCP xxx.xxx.xxx.xxx:80 0.0.0.0:0 LISTENING 4
    TCP xxx.xxx.xxx.xxx:80 41.237.228.8:1307 ESTABLISHED 4
    TCP xxx.xxx.xxx.xxx:80 41.237.228.8:1363 ESTABLISHED 4
    TCP xxx.xxx.xxx.xxx:80 84.36.146.92:1380 ESTABLISHED 4
    TCP xxx.xxx.xxx.xxx:80 84.36.146.92:1381 ESTABLISHED 4
    TCP xxx.xxx.xxx.xxx:110 0.0.0.0:0 LISTENING 2152
    TCP xxx.xxx.xxx.xxx:135 xxx.xxx.xxx.xxx:3432 ESTABLISHED 780
    TCP xxx.xxx.xxx.xxx:139 0.0.0.0:0 LISTENING 4
    TCP xxx.xxx.xxx.xxx:143 0.0.0.0:0 LISTENING 2152
    TCP xxx.xxx.xxx.xxx:1843 xxx.xxx.xxx.xxx:143 TIME_WAIT 0
    TCP xxx.xxx.xxx.xxx:2529 69.97.106.28:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2530 13.38.16.90:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2531 178.77.152.13:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2532 53.65.88.114:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2533 99.48.27.39:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2534 181.87.252.67:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2535 140.81.65.40:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2536 142.32.51.64:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2537 163.80.116.126:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2538 170.22.44.33:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2539 142.82.174.60:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2540 140.32.42.26:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2541 27.87.132.78:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2542 39.68.47.45:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2543 211.108.144.100:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2544 54.26.183.108:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2545 199.109.190.124:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2546 198.13.153.82:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2547 105.55.157.84:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2548 113.18.163.70:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2549 30.48.49.3:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2550 122.16.244.124:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2551 199.49.66.8:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2552 14.96.226.115:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2553 201.92.141.75:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2554 87.126.111.50:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2555 155.100.9.65:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2556 48.108.46.46:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2557 67.91.134.120:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2558 117.107.130.124:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2559 96.115.87.42:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2560 117.52.212.118:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2561 119.107.0.73:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2562 183.48.34.27:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2563 177.77.174.45:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2564 80.37.25.62:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2565 182.77.246.3:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2566 12.12.60.11:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2567 135.72.121.97:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2568 130.52.103.36:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2569 39.35.251.56:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2570 183.61.159.33:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2571 102.80.38.66:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2572 58.119.83.40:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2573 17.124.169.15:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2574 25.4.22.76:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2575 103.70.194.54:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2576 79.34.21.57:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2577 108.37.242.9:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2578 181.15.105.111:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2579 63.29.235.122:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2580 83.75.68.90:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2581 214.66.59.11:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2582 209.43.234.106:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:2583 58.91.93.60:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3126 88.80.224.61:445 FIN_WAIT_1 892
    TCP xxx.xxx.xxx.xxx:3389 41.223.54.202:3853 ESTABLISHED 3292
    TCP xxx.xxx.xxx.xxx:3432 xxx.xxx.xxx.xxx:135 ESTABLISHED 1908
    TCP xxx.xxx.xxx.xxx:3528 88.80.224.107:445 FIN_WAIT_1 892
    TCP xxx.xxx.xxx.xxx:4402 64.119.39.68:445 TIME_WAIT 0
    TCP xxx.xxx.xxx.xxx:4749 xxx.xxx.xxx.xxx:143 TIME_WAIT 0
    UDP 0.0.0.0:161 *:* 2100
    UDP 0.0.0.0:445 *:* 4
    UDP 0.0.0.0:500 *:* 560
    UDP 0.0.0.0:4500 *:* 560
    UDP 127.0.0.1:123 *:* 2176
    UDP xxx.xxx.xxx.xxx:123 *:* 2176
    UDP xxx.xxx.xxx.xxx:123 *:* 2176
    UDP xxx.xxx.xxx.xxx:137 *:* 4
    UDP xxx.xxx.xxx.xxx:138 *:* 4

    also the server update service is stopped and can’t be started

    yes, you are right, some kind of malware, but what kind of malware? I ran multiple checks with different AVs with no luck

    in reply to: wired SYN_SENT flood #345993

    Re: weird SYN_SENT flood

    Hi all, and especially joeqwerty
    I’m back again with the same problem
    I went to the site and unplugged the network cable, then ran netstat -ano
    please note the server has 2 real static IPs: the 1st is assigned to IIS and the 2nd is assigned to Apache, so please don’t be confused by the 2 listening entries on port 80
    output after unplugging the network cable
    #netstat -ano

    Active Connections

    Proto Local Address Foreign Address State PID
    TCP 0.0.0.0:21 0.0.0.0:0 LISTENING 1928
    TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 780
    TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
    TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING 992
    TCP 0.0.0.0:1045 0.0.0.0:0 LISTENING 560
    TCP 0.0.0.0:1311 0.0.0.0:0 LISTENING 2088
    TCP 0.0.0.0:3306 0.0.0.0:0 LISTENING 1496
    TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 3292
    TCP 0.0.0.0:7854 0.0.0.0:0 LISTENING 892
    TCP 127.0.0.1:25 0.0.0.0:0 LISTENING 2244
    TCP 127.0.0.1:80 0.0.0.0:0 LISTENING 4
    TCP 127.0.0.1:110 0.0.0.0:0 LISTENING 2244
    TCP 127.0.0.1:143 0.0.0.0:0 LISTENING 2244
    TCP 127.0.0.1:1040 127.0.0.1:3306 ESTABLISHED 2244
    TCP 127.0.0.1:1041 127.0.0.1:3306 ESTABLISHED 2244
    TCP 127.0.0.1:1042 127.0.0.1:3306 ESTABLISHED 2244
    TCP 127.0.0.1:1043 127.0.0.1:3306 ESTABLISHED 2244
    TCP 127.0.0.1:1044 127.0.0.1:3306 ESTABLISHED 2244
    TCP 127.0.0.1:1050 0.0.0.0:0 LISTENING 3340
    TCP 127.0.0.1:3306 127.0.0.1:1040 ESTABLISHED 1496
    TCP 127.0.0.1:3306 127.0.0.1:1041 ESTABLISHED 1496
    TCP 127.0.0.1:3306 127.0.0.1:1042 ESTABLISHED 1496
    TCP 127.0.0.1:3306 127.0.0.1:1043 ESTABLISHED 1496
    TCP 127.0.0.1:3306 127.0.0.1:1044 ESTABLISHED 1496
    TCP 127.0.0.1:43958 0.0.0.0:0 LISTENING 1928
    TCP xxx.xxx.xxx.xxx:80 0.0.0.0:0 LISTENING 1268
    TCP xxx.xxx.xxx.xxx:80 0.0.0.0:0 LISTENING 4
    UDP 0.0.0.0:161 *:* 2100
    UDP 0.0.0.0:445 *:* 4
    UDP 0.0.0.0:500 *:* 560
    UDP 0.0.0.0:4500 *:* 560
    UDP 127.0.0.1:123 *:* 2176

    I plugged the network cable in again, but this time not connected to the internet; this time the behavior is completely different
    output after plugging the network cable into the LAN

    Proto Local Address Foreign Address State PID
    TCP 0.0.0.0:21 0.0.0.0:0 LISTENING 1928
    TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 780
    TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
    TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING 992
    TCP 0.0.0.0:1045 0.0.0.0:0 LISTENING 560
    TCP 0.0.0.0:1311 0.0.0.0:0 LISTENING 2088
    TCP 0.0.0.0:3306 0.0.0.0:0 LISTENING 1496
    TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 3292
    TCP 0.0.0.0:7854 0.0.0.0:0 LISTENING 892
    TCP 127.0.0.1:25 0.0.0.0:0 LISTENING 2244
    TCP 127.0.0.1:80 0.0.0.0:0 LISTENING 4
    TCP 127.0.0.1:110 0.0.0.0:0 LISTENING 2244
    TCP 127.0.0.1:143 0.0.0.0:0 LISTENING 2244
    TCP 127.0.0.1:1040 127.0.0.1:3306 ESTABLISHED 2244
    TCP 127.0.0.1:1041 127.0.0.1:3306 ESTABLISHED 2244
    TCP 127.0.0.1:1042 127.0.0.1:3306 ESTABLISHED 2244
    TCP 127.0.0.1:1043 127.0.0.1:3306 ESTABLISHED 2244
    TCP 127.0.0.1:1044 127.0.0.1:3306 ESTABLISHED 2244
    TCP 127.0.0.1:1050 0.0.0.0:0 LISTENING 3340
    TCP 127.0.0.1:3306 127.0.0.1:1040 ESTABLISHED 1496
    TCP 127.0.0.1:3306 127.0.0.1:1041 ESTABLISHED 1496
    TCP 127.0.0.1:3306 127.0.0.1:1042 ESTABLISHED 1496
    TCP 127.0.0.1:3306 127.0.0.1:1043 ESTABLISHED 1496
    TCP 127.0.0.1:3306 127.0.0.1:1044 ESTABLISHED 1496
    TCP 127.0.0.1:43958 0.0.0.0:0 LISTENING 1928
    TCP xxx.xxx.xxx.xxx:80 0.0.0.0:0 LISTENING 1268
    TCP xxx.xxx.xxx.xxx:80 0.0.0.0:0 LISTENING 4
    TCP xxx.xxx.xxx.xxx:135 xxx.xxx.xxx.xxx:3632 ESTABLISHED 780
    TCP xxx.xxx.xxx.xxx:139 0.0.0.0:0 LISTENING 4
    TCP xxx.xxx.xxx.xxx:3632 xxx.xxx.xxx.xxx:135 ESTABLISHED 4732
    TCP xxx.xxx.xxx.xxx:3652 xxx.xxx.xxx.xxx:445 SYN_SENT 892
    TCP xxx.xxx.xxx.xxx:3653 xxx.xxx.xxx.xxx:445 SYN_SENT 892

    UDP 0.0.0.0:161 *:* 2100
    UDP 0.0.0.0:445 *:* 4
    UDP 0.0.0.0:500 *:* 560
    UDP 0.0.0.0:4500 *:* 560
    UDP 0.0.0.0:54969 *:* 868
    UDP 127.0.0.1:123 *:* 2176
    UDP xxx.xxx.xxx.xxx:123 *:* 2176
    UDP xxx.xxx.xxx.xxx:123 *:* 2176
    UDP xxx.xxx.xxx.xxx:137 *:* 4
    UDP xxx.xxx.xxx.xxx:138 *:* 4

    the underlined entries are what seems to be different: the SYN_SENT is sent to hosts on my network subnet. Each time I ran netstat -ano I got a different host IP with SYN_SENT on the same subnet; every instance of netstat -ano returns different results with a different host IP

    also I noticed a weird entry in the built-in firewall; each time I remove it, it comes back. The entry is as follows:

    with name jxgqfwjv port 7854 TCP
    I attached a firewallentry.gif

    I scanned the server with multiple antivirus programs with no luck catching at least one

    also I noticed a delay in server response. When I ran taskmgr the performance seems very fine: no 100% CPU, no high memory consumption
    any recommendations?
    any ideas?
    Thanks in advance
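
A way to triage a `netstat -ano` capture like the ones posted in this thread, as an added example that is not part of the original posts: it groups SYN_SENT rows by owning PID and remote port, reports any PID reaching many distinct hosts on one port, and lists the TCP ports that same PID is listening on. The sample rows are constructed (documentation-range addresses, not the ones in the posts) and the `min_targets` threshold is an assumption.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample in the shape of Windows `netstat -ano` output.
# Addresses come from documentation ranges; they are not taken from the posts.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       780
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       3292
  TCP    0.0.0.0:7854           0.0.0.0:0              LISTENING       892
  TCP    192.0.2.10:80          198.51.100.7:45010     TIME_WAIT       0
  TCP    192.0.2.10:3385        203.0.113.80:443       SYN_SENT        1908
  TCP    192.0.2.10:3386        198.51.100.21:445      SYN_SENT        892
  TCP    192.0.2.10:3387        198.51.100.22:445      SYN_SENT        892
  TCP    192.0.2.10:3388        198.51.100.23:445      SYN_SENT        892
  TCP    192.0.2.10:3390        203.0.113.5:445        SYN_SENT        892
  TCP    192.0.2.10:3391        203.0.113.6:445        SYN_SENT        892
  TCP    192.0.2.10:3392        203.0.113.7:445        SYN_SENT        892
  TCP    192.0.2.10:3528        203.0.113.9:445        FIN_WAIT_1      892
  UDP    0.0.0.0:445            *:*                                    4
  UDP    192.0.2.10:123         *:*                                    2176
"""


@dataclass(frozen=True)
class Conn:
    proto: str
    local_addr: str
    local_port: str
    remote_addr: str
    remote_port: str
    state: str  # empty for UDP rows, which have no State column
    pid: int


def _split_endpoint(endpoint):
    # Split on the last colon so "[::]:445" and a masked
    # "xxx.xxx.xxx.xxx:80" are both handled.
    addr, _, port = endpoint.rpartition(":")
    return addr, port


def parse_netstat(text):
    """Turn `netstat -ano` text into Conn records, skipping headers."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue
        if fields[0] == "TCP" and len(fields) == 5:
            proto, local, remote, state, pid = fields
        elif fields[0] == "UDP" and len(fields) == 4:
            proto, local, remote, pid = fields
            state = ""
        else:
            continue  # truncated or wrapped row
        if not pid.isdigit():
            continue
        local_addr, local_port = _split_endpoint(local)
        remote_addr, remote_port = _split_endpoint(remote)
        conns.append(Conn(proto, local_addr, local_port,
                          remote_addr, remote_port, state, int(pid)))
    return conns


def find_scanners(conns, min_targets=5):
    """Report PIDs with half-open connections to many hosts on one port."""
    targets = defaultdict(set)    # (pid, remote port) -> distinct remote hosts
    listeners = defaultdict(set)  # pid -> TCP ports the process listens on
    for c in conns:
        if c.state == "SYN_SENT":
            targets[(c.pid, c.remote_port)].add(c.remote_addr)
        elif c.state == "LISTENING":
            listeners[c.pid].add(int(c.local_port))
    findings = []
    for (pid, port), addrs in sorted(targets.items()):
        if len(addrs) >= min_targets:
            findings.append({
                "pid": pid,
                "remote_port": int(port),
                "distinct_targets": len(addrs),
                "listening_ports": sorted(listeners[pid]),
            })
    return findings


if __name__ == "__main__":
    for finding in find_scanners(parse_netstat(SAMPLE)):
        print(finding)
```

The reported PID can then be matched against `tasklist /svc` to see which services share that svchost instance.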

    in reply to: wired SYN_SENT flood #345992

    Re: wired SYN_SENT flood

    Hi joe
    maybe the sysadmin who told me Conficker may cause symptoms like this is right. Have a look, especially at the version comparison table
    http://en.wikipedia.org/wiki/Conficker
    a symptom:
    Web sites related to antivirus software or the Windows Update service becoming inaccessible

    in reply to: increase the number of RDP connection on win2k8 #345991

    Re: increase the number of RDP connection on win2k8

    Thanks joe
    we already have 5 CALs with our Windows Server 2008 Enterprise license and our installation has been activated, but we can’t log on with concurrent users: if user1 is logged on, when user2 logs on he logs off user1
    is there any workaround to let concurrent users work without logging off each other?

    in reply to: wired SYN_SENT flood #345990

    Re: weird SYN_SENT flood

    OK, I will do it ASAP.

    in reply to: wired SYN_SENT flood #345989

    Re: wired SYN_SENT flood

    correction
    I’m not sure what the output was when I removed the default gateway entry from the NIC
    but I think it was the same
    when I get back to the site
    I’ll make sure what the output is and post it here again

    in reply to: wired SYN_SENT flood #345988

    Re: weird SYN_SENT flood

    no, I didn’t unplug the network cable
    what I meant is I disconnected the server from the internet by removing the gateway
    but the same output keeps showing
    right now I cannot disconnect the server from the internet, because I’m off site now
    here’s an output from the server
    PID 928 belongs to svchost.exe
    svchost.exe 720 DcomLaunch
    svchost.exe 804 RpcSs
    svchost.exe 876 Dnscache
    svchost.exe 912 W32Time
    svchost.exe 928 AeLookupSvc, CryptSvc, dmserver,
    EventSystem, helpsvc, HidServ,
    lanmanserver, lanmanworkstation, Netman,
    Nla, Schedule, seclogon, SENS,
    SharedAccess, ShellHWDetection, TrkWks,
    winmgmt

    # netstat -ano

    Active Connections

    Proto Local Address Foreign Address State PID
    TCP 0.0.0.0:21 0.0.0.0:0 LISTENING 2112
    TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 804
    TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
    TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING 1088
    TCP 0.0.0.0:1040 0.0.0.0:0 LISTENING 560
    TCP 0.0.0.0:1311 0.0.0.0:0 LISTENING 2200
    TCP 0.0.0.0:1529 0.0.0.0:0 LISTENING 2112
    TCP 0.0.0.0:3306 0.0.0.0:0 LISTENING 1620
    TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 3436
    TCP 0.0.0.0:7854 0.0.0.0:0 LISTENING 928
    TCP 127.0.0.1:25 0.0.0.0:0 LISTENING 2372
    TCP 127.0.0.1:80 0.0.0.0:0 LISTENING 4
    TCP 127.0.0.1:110 0.0.0.0:0 LISTENING 2372
    TCP 127.0.0.1:143 0.0.0.0:0 LISTENING 2372
    TCP 127.0.0.1:1041 127.0.0.1:3306 ESTABLISHED 2372
    TCP 127.0.0.1:1042 127.0.0.1:3306 ESTABLISHED 2372
    TCP 127.0.0.1:1043 127.0.0.1:3306 ESTABLISHED 2372
    TCP 127.0.0.1:1044 127.0.0.1:3306 ESTABLISHED 2372
    TCP 127.0.0.1:1045 127.0.0.1:3306 ESTABLISHED 2372
    TCP 127.0.0.1:1050 0.0.0.0:0 LISTENING 3540
    TCP 127.0.0.1:1050 192.168.54.80:3093 ESTABLISHED 3540
    TCP 127.0.0.1:1050 192.168.54.80:3942 ESTABLISHED 3540
    TCP 127.0.0.1:2795 127.0.0.1:3306 ESTABLISHED 3168
    TCP 127.0.0.1:3306 127.0.0.1:1041 ESTABLISHED 1620
    TCP 127.0.0.1:3306 127.0.0.1:1042 ESTABLISHED 1620
    TCP 127.0.0.1:3306 127.0.0.1:1043 ESTABLISHED 1620
    TCP 127.0.0.1:3306 127.0.0.1:1044 ESTABLISHED 1620
    TCP 127.0.0.1:3306 127.0.0.1:1045 ESTABLISHED 1620
    TCP 127.0.0.1:3306 127.0.0.1:2795 ESTABLISHED 1620
    TCP 127.0.0.1:43958 0.0.0.0:0 LISTENING 2112
    TCP xxx.xxx.xxx.xxx:80 0.0.0.0:0 LISTENING 1352
    TCP xxx.xxx.xxx.xxx:25 0.0.0.0:0 LISTENING 2372
    TCP xxx.xxx.xxx.xxx:80 0.0.0.0:0 LISTENING 4
    TCP xxx.xxx.xxx.xxx:80 66.249.72.105:54102 ESTABLISHED 4
    TCP xxx.xxx.xxx.xxx:80 210.51.54.165:61416 TIME_WAIT 0
    TCP xxx.xxx.xxx.xxx:110 0.0.0.0:0 LISTENING 2372
    TCP xxx.xxx.xxx.xxx:139 0.0.0.0:0 LISTENING 4
    TCP xxx.xxx.xxx.xxx:143 0.0.0.0:0 LISTENING 2372
    TCP xxx.xxx.xxx.xxx:1342 xxx.xxx.xxx.xxx:21 ESTABLISHED 3540
    TCP xxx.xxx.xxx.xxx:1563 208.43.83.54:445 TIME_WAIT 0
    TCP xxx.xxx.xxx.xxx:1797 195.113.253.32:445 FIN_WAIT_1 928
    TCP xxx.xxx.xxx.xxx:1835 88.80.225.119:445 FIN_WAIT_1 928
    TCP xxx.xxx.xxx.xxx:2016 69.71.80.70:445 FIN_WAIT_2 928
    TCP xxx.xxx.xxx.xxx:2746 31.66.88.51:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2747 125.59.203.14:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2748 89.72.3.14:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2749 79.117.21.72:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2750 176.12.25.112:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2751 18.51.70.67:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2752 196.27.232.41:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2753 138.2.196.35:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2754 31.14.229.56:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2755 151.108.14.82:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2756 23.77.57.37:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2757 222.111.106.110:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2758 107.125.250.83:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2759 90.106.45.39:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2760 85.80.190.37:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2761 78.54.163.2:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2762 185.113.31.23:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2763 121.120.66.117:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2764 93.18.153.17:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2765 73.19.167.26:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2766 54.28.106.97:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2767 199.58.160.65:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2768 154.69.83.25:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2769 108.4.232.113:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2770 19.16.230.108:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2771 131.67.134.30:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2772 187.95.12.4:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2773 19.47.94.78:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2774 129.105.31.19:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2775 94.74.56.104:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2776 221.28.140.54:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2777 42.70.104.42:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2778 87.14.76.48:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2779 151.81.6.14:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2780 181.46.99.62:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2781 101.44.222.113:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2782 87.25.42.71:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2783 187.84.166.37:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2784 57.103.25.16:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2785 147.44.155.112:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2786 148.35.13.104:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2787 164.42.113.57:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2788 194.126.113.54:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2789 20.23.118.32:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2790 169.99.215.48:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2791 176.22.31.32:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2792 145.64.102.116:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2793 217.28.135.51:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:2794 210.83.211.20:445 SYN_SENT 928
    TCP xxx.xxx.xxx.xxx:3389 41.223.54.202:1782 ESTABLISHED 3436
    TCP xxx.xxx.xxx.xxx:3416 xxx.xxx.xxx.xxx:21 ESTABLISHED 3540
    TCP xxx.xxx.xxx.xxx:3909 88.80.230.72:445 FIN_WAIT_1 928
    TCP xxx.xxx.xxx.xxx:4558 161.110.160.26:445 FIN_WAIT_1 928
    UDP 0.0.0.0:161 *:* 2216
    UDP 0.0.0.0:445 *:* 4
    UDP 0.0.0.0:500 *:* 560
    UDP 0.0.0.0:4500 *:* 560
    UDP 127.0.0.1:123 *:* 912
    UDP xxx.xxx.xxx.xxx:123 *:* 912
    UDP xxx.xxx.xxx.xxx:123 *:* 912
    UDP xxx.xxx.xxx.xxx:137 *:* 4
    UDP xxx.xxx.xxx.xxx:138 *:* 4
