hi,
today we are observing many sessions from clients to a DC / DNS (all 5 roles on it) on port 389
they have an about 2MB session on this port (like they are getting something from it)
but as the port is 389 i do not have an idea what are these connections
Antivirus is updated on all of them and ... ! no new policy, not any change ..
what can be this traffic ?!?!