We have a situation where a user logged into a Windows Server which primarily runs Tableau established an outbound TCP connection over port 1025 where the destination server is part of a Teradata cluster.

However, the tool in question is notepad.exe, which seems unusual to me given that there are not very many reasons for it to communicate over the internet.

I did notice that prior to the event a few Datadog agent processes were executed. Could this activity be somehow related to logging activity from Datadog over to the Teradata server?

  • Are you confident that the process was notepad.exe? Is the Teradata cluster under your control? Assuming your premise is correct, one thought that sprang to mind was that "somehow" the paste buffer was backed up by the TCP socket that (maybe) related to the other activity, and that the user themselves had initiated this connection when they interacted with notepad.exe by pasting data into the edit window. Commented Jan 28, 2023 at 0:45

1 Answer

Under no circumstances can notepad.exe by Microsoft make any network connections, even if you open a file on a network share. In that case the connection will be made by SYSTEM.
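One way to check the question raised in the comment (whether the process really was Microsoft's notepad.exe), shown as an added example that is not part of the original question or answer. It assumes the connection to remote port 1025 is still open, an elevated PowerShell session on the Windows Server, and the usual Notepad locations under the Windows directory.

```powershell
# Added example: triage of the process that owns a live TCP connection to
# remote port 1025 (the port from the question).
$remotePort = 1025

# Assumption: locations where the Microsoft-shipped notepad.exe normally
# lives on Windows Server. Adjust if your build differs.
$expectedPaths = @(
    (Join-Path $env:SystemRoot 'System32\notepad.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\notepad.exe'),
    (Join-Path $env:SystemRoot 'notepad.exe')
)

$connections = Get-NetTCPConnection -RemotePort $remotePort -ErrorAction SilentlyContinue
if (-not $connections) {
    Write-Output "No current TCP connections to remote port $remotePort."
}

foreach ($conn in $connections) {
    # Resolve the owning PID to its image path, command line and parent.
    $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $($conn.OwningProcess)"
    if (-not $proc) { continue }   # process exited between the two calls
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($proc.ParentProcessId)"

    # Signature and hash of the file on disk (path can be empty for
    # protected processes, so guard against that).
    $sig = $null; $hash = $null
    if ($proc.ExecutablePath) {
        $sig  = Get-AuthenticodeSignature -FilePath $proc.ExecutablePath
        $hash = (Get-FileHash -Path $proc.ExecutablePath -Algorithm SHA256).Hash
    }

    [pscustomobject]@{
        RemoteAddress   = $conn.RemoteAddress
        RemotePort      = $conn.RemotePort
        State           = $conn.State
        ProcessId       = $proc.ProcessId
        Name            = $proc.Name
        Path            = $proc.ExecutablePath
        PathIsExpected  = $expectedPaths -contains $proc.ExecutablePath
        CommandLine     = $proc.CommandLine
        ParentName      = $parent.Name
        ParentProcessId = $proc.ParentProcessId
        SignatureStatus = $sig.Status
        Signer          = $sig.SignerCertificate.Subject
        SHA256          = $hash
    }
}
```

A path outside the expected locations, a signature status other than Valid, or a parent process that does not normally launch Notepad each indicate that the process only carries the name notepad.exe and should be examined further.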
