BITS service in Windows 10 is hammering a lot of 10-net addresses
I recently discovered a lot of TCP/SYN connections to some 10-net-addresses on the inside of our Cisco firewall. After having drilled down where they are comming from, I have found it's the BITS (Background Intelligent Transfer Service) in Windows 10 21H2 that is doeing it. I dont understand why. If I stop the service the problem disappers. Connections verified with TCPVIEW from Sysinternals toolbox.
Does anyone know if this is a problem, bug in Windows? It has the latest January Tuesday patches that are pretty buggy. I have not tried to uninstall them.
From the hacker monitoring in the Cisco firewall. Notice it has a lot of these connections all time.
Verified by TCPVIEW on the source IP computer. Source 192.168.101.157:5030x and target 10-net addresses all port 53388. We dont have these addresses in our network so they hit the firewall as the "default gateway".
Sign in to comment