9/7/2023 0 Comments Tcpview windows 2012![]() There's a timeout for such connections and they'll automatically be closed once their grace time is over. ![]() They'll always pinging the internet for gaining access. The reason may be genuine and acceptable if you're part of peer network (like Torrent or Tor, etc), otherwise it's just some malicious machines trying to get a backdoor. ![]() It's simply the remote machines trying to connect and gain access to one of your ports. This may not be the answer you were looking for, but since nobody else has taken you up on this in two days, I'm giving you what I can. If you still see these connections after restricting incoming connections to the specifically authorized ones, then you should dump the network packets using a packet sniffer in order to see what the packets are, and if that doesn't answer your questions then at least you will have a lot more data for your next question. Worst case, of course, is something like "your server is totally compromised, your data has been exported to someone else and you will lose access to it or it will be modified in ways you will not like, and your server is being used for illegal purposes that will earn you a visit from the police" - hopefully this isn't the case! Checking that you have up-to-date backups is always good. If so, best case is that they are DNS lookups that your server does to identify incoming connections (that would explain why the connections are being used by the system image). This means that you will not need to wonder what those addresses are connecting to, because there will only be two possibilities.Īnother possibility is that the connections are outgoing. The port for the service you are providing, which is hopefully not a database directly but some web interface, Apache or IIS for example, maybe running on a different machine. The port for your administrative connections, hopefully identified by your static source IP address if you have one ![]() Your firewall should allow incoming access to Random people from the Internet should not be allowed to open any kind of connection to your database server. As for your question 2, it is probably not a worm on your server if the connections are all incoming. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |