hi,
today we are observing many sessions from clients to a DC / DNS (all 5 roles on it) on port 389
they have an about 2MB session on this port (like they are getting something from it)
but as the port is 389 i do not have an idea what are these connections
Antivirus is updated on all of them and ... ! no new policy, not any change ..
what can be this traffic ?!?!
- Edited by MohammadG Tuesday, March 05, 2013 7:52 AM
- Changed type Cicely FengMicrosoft community contributor, Moderator Thursday, March 07, 2013 1:11 AM