View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000169 | Windows and other desktop OS | Server | public | 2015-10-31 09:42 | 2016-07-18 10:33 |
Reporter | DigitalMy | ||||
Priority | normal | Severity | major | Reproducibility | N/A |
Status | checking | Resolution | open | ||
Platform | IBMPC | OS | Windows | OS Version | 2008R2 |
Summary | 0000169: Unwanted network connections on windows server: disable and protect from | ||||
Description | There are unknown incoming and outgoing connections. Need to secure server. | ||||
Tags | No tags attached. | ||||
FinishDate | |||||
StartDate | 2015-10-31 | ||||
WasteTime | |||||
PriorityIndex | 7 | ||||
LaboriousnessIndex | 7 | ||||
|
Icoming TCP from 92.39.135.230 ESTABLISHED on 1723 port (PPTP), every 2 min it sends byte sequence including: local cananian |
|
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0003 Changed TcpPortNumber |
|
mysqld.exe TCP to 78.46.200.201 80 port outgoing |
|
Another unwanted System process used port 80. Iteration stopping services indicated that "..\IIS\Microsoft Web Deploy\MsDepSvc.exe" -runService:MsDepSvc -> disabled this service , port is free now another port 80 was taken by RRAS (one of VPN protocols) |