We have some web service running on a Windows Server 2008 R2 Virtual Machine.
Recently, we have detected large amount of network traffic coming to us from a internal IP 100.65.12.190. This is within same subnet where our VM server located and is sending requests to random port numbers.
Is there anyway to can find our who own that particualt server?
How we can stop this kind of activities?Request to connect from100.65.12.190:61721
Request to connect from100.65.12.190:61734
Request to connect from100.65.12.190:61746
Request to connect from100.65.12.190:61765
Request to connect from100.65.12.190:61792
Request to connect from100.65.12.190:62110
Request to connect from100.65.12.190:62122
Request to connect from100.65.12.190:62200
- Moved by Qin Dian Tang - MSFT Wednesday, July 17, 2013 8:33 AM
Do an ipconfig /all in the VM and check the IP of the DNS server - is that the same IP that you are seeing traffic from?
If so, this is happening because endpoints created in the portal now have probe ports configured automatically.