Need Help - Windows 2000 Server security breach

I was contacted today by my co-location provider's security department.

I have 5 Windows 2000 machines at the location. Today they received a complaint from someone about one of my servers. They said that one of
the machines keeps trying to FTP to an IP on the internet.. And the IP is not owned by me.

I know I don’t have anything setup on that server.. Especially to keep FTPing another server. I just use that machine as a test machine.

Any suggestions on how I can determine what is causing this?

Will using a Packet Sniffer help? If so does anyone recommend any good ones?

Any help would be greatly appreciated.

 

 

 

 

Top