Using 4.3.5 on Win 2008 Server R2. File transfers are unusually slow. With Wireshark sniffer we see packets using tcp ports 5001 and 5011 in-between the ftp-data packets on the wire. In the past these were associated with a trojan or backdoor. We have a vendor that set this up - could use of these port numnbers be customized port numbers? Or something we should be concerned about?
5001 [commplex-link] Back Door Setup, Sockets des Troie
5011 [telelpathattack] One of the Last Trojans - OOTLT, One of the Last Trojans - OOTLT, modified
On a gig link each 3000 byte chunk of data takes about 45ms to transfer where 5001 and 5011 are doing ACKS between chunks.