BITS service in Windows 10 is hammering a lot of 10-net addresses

2022-02-05T09:43:23.65+00:00

I recently discovered a lot of TCP/SYN connections to some 10-net-addresses on the inside of our Cisco firewall. After having drilled down where they are comming from, I have found it's the BITS (Background Intelligent Transfer Service) in Windows 10 21H2 that is doeing it. I dont understand why. If I stop the service the problem disappers. Connections verified with TCPVIEW from Sysinternals toolbox.

Does anyone know if this is a problem, bug in Windows? It has the latest January Tuesday patches that are pretty buggy. I have not tried to uninstall them.

From the hacker monitoring in the Cisco firewall. Notice it has a lot of these connections all time.

171508-image.png

Verified by TCPVIEW on the source IP computer. Source 192.168.101.157:5030x and target 10-net addresses all port 53388. We dont have these addresses in our network so they hit the firewall as the "default gateway".

171509-image.png

Windows 10 Network
Windows 10 Network
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Network: A group of devices that communicate either wirelessly or via a physical connection.
2,312 questions
0 comments No comments
{count} votes