Port flooding prob

My brotherinlaws company PC network seems to have a problem at the moment. His art department computers when doing the netstat -a check is showing a port 4156 flood. From what I know, they are running on a Win 2000 SQL server. And the Slapper worm that exploits the port 4156, that is a Linux worm variant.

I am at my wits end what this problem could be. Any ideas? Thx.

 

That is correct; the Slapper worn is the only exploit I know that effects that port.

Following the procedures in our Read Me First may shed more light on what is happening.

- Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

• Make sure you check version numbers and get all updates.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

Downloading, Installing, and Running HijackThis

 

Thx for this info. will forward it to my brother. As well, I have heard that tho this is a Linux exploit, it is still possible that win based O/S can still be effected. Hope we figure this one out. Our bandwidth will love us for it. Thx again.

 

" The port 4156 scan coming from the art-server is/was my administrative application for the antivirus (grisoft), looking out into the network for the status of clients. I shut it down, on their website they even say this does not have to run all the time. I am feeling some improvement already in the VOIP (on top of the one running on the art-server, I had it instaled on my machine and it was activiely scanning as well.... DUHHH).
Keith"

So, the port flooding was caused by our AVG admin app. Can you believe that? WTF would it have to constantly flood that port? Anyways, thx for the help. Good to see that the problem was not a Worm.