question about port 389 in windows 2000 server

Hi all, I found that there is an unknown problem in the port 389 of my
windows 2000 server and it is really disturbing.
I have checked the TCP Connections on my server, there are over a hundred of
established connections on the port 389 with the other local ports. For
example, my server's local IP is 10.8.0.191, the connections are as below:
10.8.0.191 389 -> 10.8.0.191 10000 ESTABLISHED
10.8.0.191 389 -> 10.8.0.191 10201 ESTABLISHED
10.8.0.191 389 -> 10.8.0.191 10332 ESTABLISHED
10.8.0.191 389 -> 10.8.0.191 10403 ESTABLISHED
10.8.0.191 389 -> 10.8.0.191 10522 ESTABLISHED
10.8.0.191 389 -> 10.8.0.191 10615 ESTABLISHED
..
..
..
..
..
10.8.0.191 389 -> 10.8.0.191 11315 TIME_WAIT
..
..

It seems that it is caused by some virus, but I have tried a full scan on my
server and checked all process on run. No virus has been discovered. Some of
my local network applications, such as files accessing and active directory
accessing, have been slow down and even unaccessable. I have no idea on
that. Could any one help me to figure out the problems and give me some
suggestion to tackle this? Thank you very much.

Lam

 

Hi,

389 is TCP port used by LDAP (Lightweight Directory Access Protocol). LDAP
is a base for Active Directory -- all the queries in Active Directory are
done through LDAP (e.g. looking for user information etc...).

Mike