I saw a thread here dated about 4 weeks ago and it sounds like I am having similar issues. I wonder if something new is making the rounds...
I've got PCs randomly polling the web; for example, starting at source port 1500 and the destination port of 80. The next traffic attempts 1501, then 1502, and so on. These occur at the rate of two attempts per second. I've seen the port numbers as high as 60000+.
E-Trust (our enterprise security suite), Security Essentials, and SuperAntiSpyware report nothing. For the most part, most of the PCs have automatic updates turned on. The few that do not, we update manually but it does not help. It does seem to be limited to "non-server" Windows OS (XP and some older Win 2000 PCs). The traffic always begins when the user open Internet Explorer. I've used Sysinternals Autoruns and see nothing unexpected.
Any one have knowledge of this type of behavior?
I've got PCs randomly polling the web; for example, starting at source port 1500 and the destination port of 80. The next traffic attempts 1501, then 1502, and so on. These occur at the rate of two attempts per second. I've seen the port numbers as high as 60000+.
E-Trust (our enterprise security suite), Security Essentials, and SuperAntiSpyware report nothing. For the most part, most of the PCs have automatic updates turned on. The few that do not, we update manually but it does not help. It does seem to be limited to "non-server" Windows OS (XP and some older Win 2000 PCs). The traffic always begins when the user open Internet Explorer. I've used Sysinternals Autoruns and see nothing unexpected.
Any one have knowledge of this type of behavior?