General discussion

Locked

Open Relay or Virus?

By aikon2963 ·
My firewall started crashing recently. Lots of open conenctions. Error reads "the cache is full; too many connections open; xx.xxx.xxx.x port 51380 LAN(My mail server IP), 69.42.120.4,25 WAN some conenctions will be dropped."

Figuring that I had a virus or worm, I took all of the PC's off the network and disinfected them where necessary. With all of the PC's off the network with the exception of my mail server, file server(DC) and a known clean pc I am still recieving the error.

I am guessing that I have some malware/virus on my mail server or have somehow become an open relay.

I've done some tests and far it does not look like an open relay, but I may have missed someting.

(Mail Server) MS2003/Exchange 2003 fresh install
All updates excpt Exchange 2003 SP-1
(Domain Ctrl) MS2003
All updates
No A/V on either
10 node network

Any suggstions would be greatly appreciated. Thanks in advance

This conversation is currently closed to new comments.

2 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by BFilmFan In reply to Open Relay or Virus?

No antivirus on the Exchange server? You're most likely infected or malwared.

A number of RPC services run on that port. There is some good information about it here:

http://www.seifried.org/security/ports/51000/51380.html

Best bet is to virus scan both the DC and the Exchange server, get them clean and then make sure they stay cleaned up.

Collapse -

by aikon2963 In reply to

Poster rated this answer.

Back to Software Forum
2 total posts (Page 1 of 1)  

Related Discussions

Related Forums