Forgive me if I'm wrong since I haven't come across servers with IIS yet, but what about spyware and adware on the servers? Some of them open up ports, but I don't recall one opening up 1027.
This may be inappropriate, but did you check to see if those computers had ICQ installed on them? Maybe the users who got Nimda would be the same users that use ICQ. Also, if it bothers you a lot, just close the port on your firewall and see what services stop running.
PScan shows MS Distributed Transaction Coordinator running on port 1027. We are checking the documentation for the app to see if it's a process which should be running. But now I think it may be a false alarm. If so, learned a lot in the process...
Thanks for the advice everyone.
BTW: No chance of ICQ running on the server.
If you're looking to see what info is passing through the port, use a packet sniffer: http://www.sniff-em.com and http://www.tamos.com for CommView are both pretty good shareware. But I had that same port open on my windoze box and neither detected anything, and I'm sure it wasn't opened by a virus or trojan. Hope that helps.