Security Basics mailing list archives
Re: Port Scan(?)
From: Sumit Chaudhary <chaudharysumit () netscape net>
Date: 12 Oct 2004 20:34:19 -0000
In-Reply-To: <OFC6F4EBD6.B9A3574D-ON86256B83.006AE482 () fnal gov>

Can you tell me the reason behind this broadcast? IDS of my customer is having allergy with these broadcasts. Thank you in advance.

-Sumit

From: jklemenc () fnal gov
Date: Thu, 21 Mar 2002 13:28:24 -0600
To: Adrian Horton <adhort02 () yahoo com>
Cc: security-basics () securityfocus com
Subject: Re: Port Scan(?)
Message-ID: <OFC6F4EBD6.B9A3574D-ON86256B83.006AE482 () fnal gov>

Sonicwall IRE VPN Client perhaps? Look for IREike.exe in the Task Manager's process list.

Joe

Adrian Horton <adhort02@yahoo.com>
03/20/2002 01:41 PM
To: security-basics () securityfocus com
cc:
Subject: Port Scan(?)

The incidents () securityfocus com owner rejected this post so can anyone here make sense of this?

On my 10.1.2.0/24 network, I discovered (with Ethereal) that one of my hosts (10.1.2.112) was broadcasting UDP packets to 255.255.255.255 to port 62516. The *source port* though was incrementing by one after every packet. That host machine is running Windows 2000.

Anyone know what kind of activity this is? It seems the opposite of a port scan and it is inside my private network. I know which machine it is, I just can't figure out what it was doing so I disconnected it from the network until I figure it out.

Thanks,
AH
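
One way to pick this pattern out of a capture when triaging such IDS alerts, as an added example that is not part of the original thread: it flags hosts that send UDP to 255.255.255.255 on a single destination port while the source port rises by one per packet. The packet tuples and source-port values are constructed; only 10.1.2.112 and port 62516 come from the post.

```python
from collections import defaultdict

LIMITED_BROADCAST = "255.255.255.255"

# Constructed sample records (not taken from the original capture):
# (src_ip, src_port, dst_ip, dst_port) for UDP packets, in capture order.
SAMPLE_PACKETS = [
    ("10.1.2.112", 1045, "255.255.255.255", 62516),
    ("10.1.2.50", 137, "10.1.2.255", 137),          # NetBIOS subnet broadcast
    ("10.1.2.112", 1046, "255.255.255.255", 62516),
    ("10.1.2.112", 1047, "255.255.255.255", 62516),
    ("10.1.2.50", 137, "10.1.2.255", 137),
    ("10.1.2.112", 1048, "255.255.255.255", 62516),
    ("10.1.2.77", 68, "255.255.255.255", 67),       # single DHCP request
]


def find_incrementing_broadcasters(packets, min_run=3):
    """Return {(src_ip, dst_port): longest_run} for hosts that send UDP to the
    limited broadcast address on one destination port while the source port
    rises by exactly one per packet, for at least min_run packets in a row."""
    last_port = {}            # last source port seen per (src_ip, dst_port)
    run = defaultdict(int)    # length of the current +1 streak
    best = defaultdict(int)   # longest streak seen so far
    for src_ip, src_port, dst_ip, dst_port in packets:
        if dst_ip != LIMITED_BROADCAST:
            continue  # only the 255.255.255.255 case from the post
        key = (src_ip, dst_port)
        if key in last_port and src_port == last_port[key] + 1:
            run[key] += 1
        else:
            run[key] = 1  # first packet, or the streak was broken
        last_port[key] = src_port
        best[key] = max(best[key], run[key])
    return {k: n for k, n in best.items() if n >= min_run}


if __name__ == "__main__":
    hits = find_incrementing_broadcasters(SAMPLE_PACKETS)
    for (host, port), n in hits.items():
        print(f"{host} -> {LIMITED_BROADCAST}:{port} "
              f"source port incremented over {n} packets")
```

A hit identifies the host and destination port to investigate; the process check suggested in the reply (looking for IREike.exe) is then done on that host.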