ok we had a strange thing happening here yesterday, we are running a few servers, with windows 2000 server, all patched and with the appropriate updates, however, yesterday we were made aware that:
"complaints that we are receiving related to apparent CodeRed type TCP port 80 activity (which could of course be web server break in attempts under the control of a human user, rather than virus or worm related activity)."
however a full virus scan of the machince revealed nothing, the other option was:
"TCP port 4889 may be used by the ICQ protocol, so the TCP port 4889 scans could be the result of someone attempting to "spamvertise" using ICQ mass messaging techniques."
if ANYONE has any idea how to stop this happening, or what exactly it is, please let me know as soon as possible.Cant seem to find anything obviously wrong with the machine. Thanks a lot.
"complaints that we are receiving related to apparent CodeRed type TCP port 80 activity (which could of course be web server break in attempts under the control of a human user, rather than virus or worm related activity)."
however a full virus scan of the machince revealed nothing, the other option was:
"TCP port 4889 may be used by the ICQ protocol, so the TCP port 4889 scans could be the result of someone attempting to "spamvertise" using ICQ mass messaging techniques."
if ANYONE has any idea how to stop this happening, or what exactly it is, please let me know as soon as possible.Cant seem to find anything obviously wrong with the machine. Thanks a lot.
