Port & Executable Monitoring & Logging

[jstemp105 () gmail com]

Hello All,

I have been working with the IPS systems within my corporate workplace and we have noticed some strange activity where 
a virtual Windows file server is attempting to connect to workstations, on the same subnet, through local TCP port 88.  
The IPS systems that we have in place on the workstations in our organization are detecting these connections and is 
blocking them by considering them port scans.  The connections are incoming from the file server to the workstations.

Placing a packet capture on the network and server did no good as the workstations blocked them and the workstations 
that didn't block the connections would only reply with a reset flag.

These connections happen at the most sporadic times ranging anywhere throughout the day or night.  We would like to put 
a program on the server that will monitor for executables and what port they run on or open up.  This program must be 
able to log the instances and be able to filter what ports are being monitored.  Does anyone know of any software 
programs that will run on Server 2008 and have the above stated capabilities?

Thanks!

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------