Traffic from other internal IP address not belonging to us


  • Hi All,

    We have some web service running on a Windows Server 2008 R2 Virtual Machine.

    Recently, we have detected a large amount of network traffic coming to us from an internal IP. This is within the same subnet where our VM server is located and is sending requests to random port numbers.

    Is there any way we can find out who owns that particular server?

    How can we stop this kind of activity?

    Request to connect from100.65.12.190:61721
    Request to connect from100.65.12.190:61734
    Request to connect from100.65.12.190:61746
    Request to connect from100.65.12.190:61765
    Request to connect from100.65.12.190:61792
    Request to connect from100.65.12.190:62110
    Request to connect from100.65.12.190:62122
    Request to connect from100.65.12.190:62200


    Wednesday, July 17, 2013 6:04 AM

All replies

  • Hi MW,

    Do an ipconfig /all in the VM and check the IP of the DNS server - is that the same IP that you are seeing traffic from?

    If so, this is happening because endpoints created in the portal now have probe ports configured automatically.


    Wednesday, July 17, 2013 7:09 PM
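
The check suggested in the reply above, as an added example that is not part of the thread: it tallies connection requests per source address and marks which sources are DNS servers configured on the VM. It assumes PowerShell run on the VM itself; the log lines are constructed in the format quoted in the question, and 100.65.12.77 is a made-up second source for contrast.

```powershell
# Constructed sample input in the log format quoted in the question.
$logLines = @(
    'Request to connect from100.65.12.190:61721',
    'Request to connect from100.65.12.190:61734',
    'Request to connect from100.65.12.190:61746',
    'Request to connect from 100.65.12.77:50112'   # constructed extra source
)

# DNS servers configured on the IP-enabled adapters: the same values that
# "ipconfig /all" lists under "DNS Servers". WMI is used so this also runs
# on the PowerShell 2.0 that ships with Windows Server 2008 R2.
$dnsServers = @(
    Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object { $_.DNSServerSearchOrder } |
        Where-Object { $_ } |
        Select-Object -Unique
)

# Extract "address:port" from each line. The space after "from" is optional
# because the quoted log runs the two together.
$pattern = 'from\s*(\d{1,3}(?:\.\d{1,3}){3}):(\d+)'
$hits = foreach ($line in $logLines) {
    if ($line -match $pattern) {
        New-Object PSObject -Property @{
            Source = $Matches[1]
            Port   = [int]$Matches[2]   # port as logged after the address
        }
    }
}

# One row per source address: request count and whether it is a configured DNS server.
$hits | Group-Object Source | ForEach-Object {
    New-Object PSObject -Property @{
        Source      = $_.Name
        Requests    = $_.Count
        IsDnsServer = ($dnsServers -contains $_.Name)
    }
} | Sort-Object Requests -Descending |
    Format-Table Source, Requests, IsDnsServer -AutoSize
```

Rows with `IsDnsServer` set to `False` are the sources that the explanation in the reply does not cover and that still need an owner identified.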
  • Hi Craig,

    You are right.

    The IP is the DNS server.

    Thank you for your help.


    Thursday, July 18, 2013 11:36 PM
  • Hi Craig,

    Just wondering..

    Are we able to disable the probe ports attached to the endpoints?



    Friday, July 19, 2013 12:11 AM