Question

Rogue Process?

Has anyone ever come across the sansv.exe process? We found it on our SQL Server (Win 2K3 - fully patched) today after it crippled our internal network with packet traffic. Killing the process seemed to directly relate to a huge drop in server communications (back to normal), but I can't seem to find any information on what it is or where it came from.

It seemed to be generating a lot of traffic over a variety of ports >2500 all destined for a series of seemingly random IP addresses (all outside our network) on Port 129.

Has anyone ever seen this? Is this an exploit? Bug? New Feature? Compromise?
21st Feb 2007

Answers (1)

Port 129
Maybe someone owned your server and had that process running for probing other networks and systems. Port 129 is apparently used by Password Generator Protocol. The daily statistics are available from http://www.incidents.org/port.html?port=129.
21st Feb 2007
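
As an added example (not part of the original posts), here is one way to spot the pattern described in the question, a single process reaching many outside addresses on one destination port, from `netstat -ano` output. The sample output, PID 1234 and the 10.0.0.0/8 internal range are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of `netstat -ano` output (not taken from the original post).
# PID 1234 stands in for the suspect process; addresses are documentation ranges.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    10.0.0.5:1433          10.0.0.21:49200        ESTABLISHED     880
  TCP    10.0.0.5:2501          203.0.113.7:129        SYN_SENT        1234
  TCP    10.0.0.5:2502          198.51.100.44:129      SYN_SENT        1234
  TCP    10.0.0.5:2503          192.0.2.90:129         SYN_SENT        1234
  TCP    10.0.0.5:2504          203.0.113.201:129      ESTABLISHED     1234
  TCP    10.0.0.5:3389          10.0.0.40:51000        ESTABLISHED     912
  TCP    10.0.0.5:4100          198.51.100.9:443       ESTABLISHED     2040
"""

INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: the site's own range


def fan_out(netstat_text, min_hosts=3):
    """Return {(pid, dst_port): sorted external IPs} for every PID that contacts
    at least min_hosts distinct external hosts on the same destination port."""
    seen = defaultdict(set)
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP":
            continue  # header, blank lines, UDP rows (no State column)
        host, _, port = parts[2].rpartition(":")
        try:
            addr = ipaddress.ip_address(host)
            dport = int(port)
        except ValueError:
            continue  # bracketed IPv6 or wildcard entries
        if addr.is_unspecified or addr.is_loopback:
            continue  # LISTENING rows and local-only sockets
        if any(addr in net for net in INTERNAL):
            continue  # traffic that stays inside the site
        seen[(int(parts[4]), dport)].add(str(addr))
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_hosts}


if __name__ == "__main__":
    for (pid, dport), hosts in fan_out(SAMPLE).items():
        print(f"PID {pid}: {len(hosts)} external hosts on port {dport}: {hosts}")
```

The flagged PID can then be matched to an image name with `tasklist` before the process is killed, so the binary's path is recorded for later analysis.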