question about port 389 in windows 2000 server

Discussion in 'Server Networking' started by yatlam, Aug 10, 2004.

  1. yatlam

    yatlam Guest

    Hi all, I found that there is an unknown problem in the port 389 of my
    windows 2000 server and it is really disturbing.
    I have checked the TCP Connections on my server, there are over a hundred of
    established connections on the port 389 with the other local ports. For
    example, my server's local IP is 10.8.0.191, the connections are as below:
    10.8.0.191 389 -> 10.8.0.191 10000 ESTABLISHED
    10.8.0.191 389 -> 10.8.0.191 10201 ESTABLISHED
    10.8.0.191 389 -> 10.8.0.191 10332 ESTABLISHED
    10.8.0.191 389 -> 10.8.0.191 10403 ESTABLISHED
    10.8.0.191 389 -> 10.8.0.191 10522 ESTABLISHED
    10.8.0.191 389 -> 10.8.0.191 10615 ESTABLISHED
    ..
    ..
    ..
    ..
    ..
    10.8.0.191 389 -> 10.8.0.191 11315 TIME_WAIT
    ..
    ..

    It seems that it is caused by some virus, but I have tried a full scan on my
    server and checked all process on run. No virus has been discovered. Some of
    my local network applications, such as files accessing and active directory
    accessing, have been slow down and even unaccessable. I have no idea on
    that. Could any one help me to figure out the problems and give me some
    suggestion to tackle this? Thank you very much.

    Lam
     
    yatlam, Aug 10, 2004
    #1
    1. Advertisements

  2. yatlam

    Miha Pihler Guest

    Hi,

    389 is TCP port used by LDAP (Lightweight Directory Access Protocol). LDAP
    is a base for Active Directory -- all the queries in Active Directory are
    done through LDAP (e.g. looking for user information etc...).

    Mike
     
    Miha Pihler, Aug 10, 2004
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.