none
Traffice from other internal IP address not belong to us

    Question

  • Hi All,

    We have some web service running on a Windows Server 2008 R2 Virtual Machine.

    Recently, we have detected large amount of network traffic coming to us from a internal IP 100.65.12.190. This is within same subnet where our VM server located and is sending requests to random port numbers.

    Is there anyway to can find our who own that particualt server?

    How we can stop this kind of activities?

    Request to connect from100.65.12.190:61721
    Request to connect from100.65.12.190:61734
    Request to connect from100.65.12.190:61746
    Request to connect from100.65.12.190:61765
    Request to connect from100.65.12.190:61792
    Request to connect from100.65.12.190:62110
    Request to connect from100.65.12.190:62122
    Request to connect from100.65.12.190:62200

    Regards,

    Wednesday, July 17, 2013 6:04 AM

All replies

  • Hi MW,

    Do an ipconfig /all in the VM and check the IP of the DNS server - is that the same IP that you are seeing traffic from?

    If so, this is happening because endpoints created in the portal now have probe ports configured automatically.

    Thanks,
    Craig

    Wednesday, July 17, 2013 7:09 PM
    Moderator
  • Hi Craig,

    You are right.

    The IP 100.65.12.190 is the DNS server.

    Thank you for your help.

    Mark

    Thursday, July 18, 2013 11:36 PM
  • Hi Craig,

    Just wondering..

    Are we able to disable the probe ports attached to the endpoints?

    Regards,

    Mark

    Friday, July 19, 2013 12:11 AM