Discussion:
SMTP Service creating packet flood
HWhite
2007-03-31 02:42:01 UTC
I have a Windows 2000 Small Business Server running Exchange 2000. A new
issue has arisen a couple of days ago. After much troubleshooting, I've
discovered that when the smtp service on my server is started, after
approximately a minute, the external NIC on my server becomes flooded with
packets. This lasts for approximately 5-6 minutes and then subsides for
about a minute and then resumes with the packet flood. All internet-related
traffic suffers as a result and I can't figure out how to stop this behavior.
I've changed network cards, I changed the slot the card is installed in,
I've checked for viruses that may be present. I've checked the smtp queue
and it is empty. I'm thinking this might be some sort of DoS attack on port
25, but I'm not sure. I did a packet capture on the external NIC and
analyzed the data. All the traffic is coming from a single IP address
(38.118.132.70). Can anybody offer any suggestions on how to approach this?
Leif Pedersen [MVP]
2007-03-31 05:55:46 UTC
Hi,

Sounds as if someone is trying to use your server as a relay:

http://www.msexchange.org/tutorials/MF005.html
http://www.vamsoft.com/authattack.asp

If there are no queues in the SMTP queue they are not successful, but no
harm in checking the above articles. There is not much else you can do.

Leif
Post by HWhite
I have a Windows 2000 Small Business Server running Exchange 2000. A new
issue has arisen a couple of days ago. After much troubleshooting, I've
discovered that when the smtp service on my server is started, after
approximately a minute, the external NIC on my server becomes flooded with
packets. This lasts for approximately 5-6 minutes and then subsides for
about a minute and then resumes with the packet flood. All internet-related
traffic suffers as a result and I can't figure out how to stop this behavior.
I've changed network cards, I changed the slot the card is installed in,
I've checked for viruses that may be present. I've checked the smtp queue
and it is empty. I'm thinking this might be some sort of DoS attack on port
25, but I'm not sure. I did a packet capture on the external NIC and
analyzed the data. All the traffic is coming from a single IP address
(38.118.132.70). Can anybody offer any suggestions on how to approach this?
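The triage the original poster did by hand (capture on the external NIC, find that one source dominates, note the roughly 5-6 minutes on / 1 minute off rhythm) can be scripted so the same check is repeatable the next time the SMTP service is started. The block below is an added example and is not code from either poster; it assumes the capture was exported in the one-line summary format that tcpdump/WinDump print for TCP packets, and it builds a constructed capture inline (the server address 203.0.113.5 is a placeholder from the documentation range; 38.118.132.70 is the address named in the post). It counts packets per source aimed at port 25 and then splits one source's timestamps into bursts, which is what you need before deciding whether a perimeter block on that source is warranted. As Leif notes, an empty SMTP queue means any relay or auth attempts are not succeeding, so the damage here is bandwidth, not mail.

```python
import re
from collections import Counter

# One-line TCP summary as printed by tcpdump/WinDump, e.g.
# "02:43:00.000000 IP 38.118.132.70.40000 > 203.0.113.5.25: Flags [S], seq 0, win 8192, length 0"
LINE_RE = re.compile(
    r"^(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d(?:\.\d+)?) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)


def parse_line(line):
    """Return (seconds_since_midnight, src_ip, dst_port), or None for lines in another format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    t = int(m["h"]) * 3600 + int(m["m"]) * 60 + float(m["s"])
    return t, m["src"], int(m["dport"])


def packets_per_source(lines, port=25):
    """Count packets per source IP addressed to `port` (SMTP by default)."""
    counts = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed and parsed[2] == port:
            counts[parsed[1]] += 1
    return counts


def burst_windows(timestamps, gap=30.0):
    """Group timestamps into bursts separated by more than `gap` seconds of silence.

    Returns a list of (start, end, packet_count) tuples in time order.
    """
    windows = []
    for t in sorted(timestamps):
        if windows and t - windows[-1][1] <= gap:
            start, _, n = windows[-1]
            windows[-1] = (start, t, n + 1)
        else:
            windows.append((t, t, 1))
    return windows


def source_bursts(lines, src_ip, port=25, gap=30.0):
    """Burst windows for one source's packets to `port`."""
    stamps = [p[0] for p in map(parse_line, lines) if p and p[1] == src_ip and p[2] == port]
    return burst_windows(stamps, gap)


def fmt(t):
    """Seconds since midnight -> HH:MM:SS."""
    h, rem = divmod(int(t), 3600)
    m, s = divmod(rem, 60)
    return f"{h:02d}:{m:02d}:{s:02d}"


def make_sample_capture():
    """Constructed capture: two 5-minute SMTP bursts from one host with a 60 s pause,
    a little legitimate SMTP traffic from another host, and one non-SMTP packet."""
    server = "203.0.113.5"   # placeholder server address (documentation range)
    flood = "38.118.132.70"  # address named in the post
    base = 2 * 3600 + 42 * 60  # 02:42:00, the time the post was written
    lines = []
    for burst_start in (60, 60 + 300 + 60):      # flood starts ~1 min after SMTP starts
        for i in range(0, 300, 2):                # one SYN every 2 s for 5 min
            t = base + burst_start + i
            lines.append(f"{fmt(t)}.000000 IP {flood}.{40000 + i} > {server}.25: "
                         f"Flags [S], seq 0, win 8192, length 0")
    for i in range(5):                            # ordinary mail from a second host
        t = base + 10 + i * 100
        lines.append(f"{fmt(t)}.500000 IP 198.51.100.7.{50000 + i} > {server}.25: "
                     f"Flags [P.], seq 1:50, ack 1, win 8192, length 49")
    lines.append(f"{fmt(base + 5)}.000000 IP 198.51.100.7.50100 > {server}.80: "
                 f"Flags [S], seq 0, win 8192, length 0")   # not SMTP, must be ignored
    return lines


if __name__ == "__main__":
    capture = make_sample_capture()
    counts = packets_per_source(capture)
    top_ip, top_n = counts.most_common(1)[0]
    print(f"top SMTP source: {top_ip} ({top_n} packets)")
    for start, end, n in source_bursts(capture, top_ip):
        print(f"  burst {fmt(start)}-{fmt(end)}: {n} packets")
```

On a real capture, feed the script the text output of `tcpdump -n` (or WinDump on Windows 2000) filtered to `tcp port 25`; the `-n` matters because the regex expects numeric addresses. A `gap` of 30 seconds separates the bursts the poster describes cleanly; if the on/off rhythm is shorter, lower it. The per-source counter is also a quick sanity check that the flood really is one address and not a distributed one, which changes whether a single perimeter rule is enough.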