(Sorry to re-post this but I can't find my original post anywhere. I think
it's because the initial post is more than two months old.)
I'm having the same problem as Tim in a workgroup setting. On the XP client,
I've done a complete scan with Kaspersky and analyzed the HijackThis log, to
no avail. I've also used TcpView. As described by Tim, there is always one
connection in the ESTABLISHED state associated with 'svchost -k rpcss' while
the rest are in TIME_WAIT. They are all going to the epmap port (135) of the
server. Some of the older connections are deleted but new ones crop up,
always with one in the ESTABLISHED state.
The strange thing is that this XP machine is hammering only the server and
no other computer on the network. I believe the sheer number of connections
is the reason the Windows 2003 server is crashing almost every other day. All
computers are fully patched. What can I do next?
Thanks for your help,
Terrence
"Tim" wrote:
> I have several servers that when I do an nbtstat -a I get the results below.
> The servers just have a ton of EPMAP connections to one PC in particular.
>
> 1) Why? and how do I get rid of them?
> 2) Our firewall is getting an nbtname and UDP137 entry every 30 seconds from
> these same servers to this one particular PC. Make them stop!!! While the
> destination is to the wireless NIC on this PC and it's all being dropped, it
> has to be taking bandwidth on our network.
> 3) The IP bound to the wireless NIC on this PC is also appearing as master
> browser in WINS ala ___MSBROWSE__ entry and workstation and primary
> workgroup. We are on a 2003 domain. Even when deleted, these entries come
> back not as tombstoned, but as active.
>
> Thanks and now the nbstat -a below...
<snip>
|
Similar Threads
Linear Mode
