Web Hosting Talk

View Full Version : Is my server hacked? Huge data is uploaded from server !!


wmac
08-05-2001, 05:48 PM
Hello

It has been about 2 weeks that I cannot get rid of this.

After I install a new server and install tons of software it starts.

After about 10 minutes a huge amount of data is uploaded to the internet while I have not hosted anything on it.

I have checked to see which program does this.

It seems the inetinfo.exe program connects to hundreds of different IPs over the internet. It does not stop until I stop both the IIS web server and the WWW Publishing service.

By the way, I have tried the Symantec scanner and it finds no RED on my server!

What is this one? Is there a patch?

Regards,
mac

Cyberpunk
08-05-2001, 06:36 PM
Search on Google I used (http://www.google.com/search?q=inetinfo.exe+hack)

Does this shed any light on it?

eeye explanation (http://www.eeye.com/html/Research/Advisories/AD20001003.html)

Could it be that someone's mirroring the contents of your server?

RackMy.com
08-05-2001, 06:47 PM
Are they HTTP or FTP ports?

wmac
08-05-2001, 07:02 PM
Hello

I have used tdimon (http://www.sysinternals.com) to track ports.

It seems connections are from my own server. As socket connections are client type connections, I was unable to find out which port they are trying to connect to.

Client ports are something around 1400.

Regards,
Mac

bombino
08-05-2001, 09:10 PM
Maybe you have the Code Red worm?

I don't know - I don't use IIS.

RackMy.com
08-05-2001, 10:50 PM
At the cmd prompt, type netstat -a -n. This will show all active and listening ports and who is connected to them.

Let me know what you find.
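
One way to read the `netstat -a -n` output suggested above for the symptom described in the thread (a server opening connections to many different IPs from client ports around 1400) is to group the connections the host itself opened by remote port and count distinct remote hosts. This is an added example, not part of any post in the thread; the sample output uses constructed documentation-range addresses, and the function names and the threshold of 3 are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `netstat -a -n` output (documentation-range IPs).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.0.2.10:80          198.51.100.7:3312      ESTABLISHED
  TCP    192.0.2.10:1401        203.0.113.5:80         SYN_SENT
  TCP    192.0.2.10:1402        203.0.113.77:80        SYN_SENT
  TCP    192.0.2.10:1403        198.51.100.23:80       ESTABLISHED
  TCP    192.0.2.10:1404        198.51.100.200:80      SYN_SENT
  TCP    192.0.2.10:1405        203.0.113.5:80         TIME_WAIT
  TCP    192.0.2.10:1406        198.51.100.9:25        ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

# Proto, local addr:port, foreign addr:port, state (TCP rows only).
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")

def parse(text):
    """Return (listening_ports, rows); rows are (lport, rip, rport, state)."""
    listening, rows = set(), []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, UDP rows, blank lines
        _lip, lport, rip, rport, state = m.groups()
        if state == "LISTENING":
            listening.add(int(lport))
        else:
            rows.append((int(lport), rip, int(rport), state))
    return listening, rows

def outbound_fanout(text, threshold=3):
    """Map remote port -> distinct remote IPs for connections this host opened."""
    listening, rows = parse(text)
    fan = defaultdict(set)
    for lport, rip, rport, _state in rows:
        if lport in listening:
            continue  # inbound: the local port is one of our listening services
        fan[rport].add(rip)
    return {p: ips for p, ips in fan.items() if len(ips) >= threshold}

if __name__ == "__main__":
    for port, ips in outbound_fanout(SAMPLE).items():
        print(f"outbound to {len(ips)} distinct hosts on port {port}: {sorted(ips)}")
```

On real output, save the result of `netstat -a -n` to a file and pass its contents to `outbound_fanout`; a web server that only serves pages should show connections on its listening port, not a wide spread of outbound connections to one remote port.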