 
From: Hunter Ely (hely1lsu.edu)
Date: Thu Apr 04 2002 - 08:42:04 CST


    Sorry that I can't provide a text of header. The guy that had the sniffer
    trace sent me a screen capture of one of the packet headers. What do you
    guys think? The DOD program that several of you mentioned seemed like the
    right kind of application because this machine was moving a substantial
    amount of traffic, but why would it have something like that installed on
    it?

    ----- Original Message -----
    From: "Hunter Ely" <hely1lsu.edu>
    To: <focus-mslists.securityfocus.com>
    Sent: Wednesday, April 03, 2002 1:27 PM
    Subject: ntsds.exe or ntsdc.exe

    > Recently some computers on a few LANs on our network were sending full size
    > packets and were the top talkers on campus. When we looked into this
    > further, it appeared that all the machines were Windows machines with a
    > service called either ntsds.exe or ntsdc.exe. This service couldn't be
    > stopped. The only way to keep it from loading was to rename the file. The
    > traffic ceased when we finally were able to stop the service. I can't seem
    > to find anything about this service anywhere. Has anyone else on the list
    > experienced this or can point me in the right direction? Thanks
    > ------------------------------------------------------
    > Hunter Ely
    > Network Security Analyst, Office of Computing Services
    > Louisiana State University
    > http://hunter.lsu.edu
    >
    >


    Hunter.jpg