Networking Problem "Packet Flood"

On one of our Windows 2000 servers we are having a big problem with it sending out Thousands of TCP packets every second and flooding the network.

This server, also our exchange server, has been running fine for about 18 months, then all of a sudden this started. Once we reboot it it will run for anywhere between 45 minutes and 8 hours before it starts again.

I have ran virus scan, nothing was found, I installed the network cards, but that did not help. I have looked at netstat when this is happening but nothing looks out of order. I have use TCP view and it shows a lot of SYN_SENT. But I cant track down the problem.
Does any one have any ideas?
Thanks,

August

Check your TCP sessions and adjust properly. It could be a DoS. Machines can
send thousands of TCP connection requests and your server will respond with
an OK to create a connection, but then the other side never responds. The
server will wait X amount of time before timing out and releasing the
session. Servers will allow only Y amount of sessions, which is configurable
in the registry. Too many open sessions waiting, stops new (legit) sessions
from being established. Google for 'TCP_SYN attack' for more info. You might
want to sniff the network and see where all the SYN's are going and possibly
block that subnet/IP in your firewall.

"August Startz" <(E-Mail Removed)> wrote in message
newsA1C02FE-E52D-4C53-B28F-(E-Mail Removed)...
> On one of our Windows 2000 servers we are having a big problem with it
sending out Thousands of TCP packets every second and flooding the network.
>
> This server, also our exchange server, has been running fine for about 18
months, then all of a sudden this started. Once we reboot it it will run
for anywhere between 45 minutes and 8 hours before it starts again.
>
> I have ran virus scan, nothing was found, I installed the network cards,
but that did not help. I have looked at netstat when this is happening but
nothing looks out of order. I have use TCP view and it shows a lot of
SYN_SENT. But I cant track down the problem.
> Does any one have any ideas?
> Thanks,
>
> August
>