Security Basics mailing list archives

Re: Port Scan(?)


From: Sumit Chaudhary <chaudharysumit () netscape net>
Date: 12 Oct 2004 20:34:19 -0000

In-Reply-To: <OFC6F4EBD6.B9A3574D-ON86256B83.006AE482 () fnal gov>

Can you tell me the reason behind this broadcast? My customer's IDS is having an allergy to these broadcasts.

Thank you in advance.

-Sumit

From: jklemenc () fnal gov
Date: Thu, 21 Mar 2002 13:28:24 -0600
To: Adrian Horton <adhort02 () yahoo com>
Cc: security-basics () securityfocus com
Subject: Re: Port Scan(?)


Sonicwall IRE VPN Client perhaps? Look for IREike.exe in the Task Manager's
process list.

Joe



                                                                                                                      
                    
From:     Adrian Horton <adhort02 () yahoo com>
Date:     03/20/2002 01:41 PM
To:       security-basics () securityfocus com
cc:
Subject:  Port Scan(?)




The incidents () securityfocus com owner rejected this
post so can anyone here make sense of this?

On my 10.1.2.0/24 network, I discovered (with
Ethereal) that one of my hosts (10.1.2.112) was
broadcasting UDP packets to 255.255.255.255 to port
62516.
The *source port* though was incrementing by one after
every packet. That host machine is running Windows
2000.

Anyone know what kind of activity this is? It seems
the opposite of a port scan and it is inside my
private network. I know which machine it is, I just
can't figure out what it was doing so I disconnected
it from the network until I figure it out.

Thanks,

AH
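
The traffic pattern described in the original question (UDP datagrams to 255.255.255.255 on one destination port, with the source port going up by one per packet) can be picked out of a capture summary automatically. The following is an added example, not part of the original posts: the record format, the sample lines, the source port numbers and the function names are all constructed for illustration, and the check does not handle the source port wrapping around at the top of its range.

```python
# Constructed sample records (not captured traffic):
# time, source IP, source port, destination IP, destination port
SAMPLE = """\
0.00 10.1.2.112 1045 255.255.255.255 62516
0.10 10.1.2.57 137 10.1.2.255 137
1.00 10.1.2.112 1046 255.255.255.255 62516
2.00 10.1.2.112 1047 255.255.255.255 62516
2.50 10.1.2.57 137 10.1.2.255 137
3.00 10.1.2.112 1048 255.255.255.255 62516
3.20 10.1.2.9 68 255.255.255.255 67
4.00 10.1.2.9 68 255.255.255.255 67
"""

LIMITED_BROADCAST = "255.255.255.255"


def parse(text):
    """Yield (src, sport, dst, dport) from whitespace-separated records."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip blank or malformed lines
        _, src, sport, dst, dport = fields
        yield src, int(sport), dst, int(dport)


def find_incrementing_broadcasters(text, min_run=3):
    """Return {(src, dport): packets} for hosts whose limited-broadcast
    datagrams to dport used source ports rising by exactly one, for at
    least min_run consecutive packets."""
    last, run, best = {}, {}, {}
    for src, sport, dst, dport in parse(text):
        if dst != LIMITED_BROADCAST:
            continue  # unicast and subnet-directed broadcast are ignored
        key = (src, dport)
        # Extend the run only if this source port is the previous one + 1.
        run[key] = run.get(key, 1) + 1 if last.get(key) == sport - 1 else 1
        last[key] = sport
        best[key] = max(best.get(key, 0), run[key])
    return {k: n for k, n in best.items() if n >= min_run}


if __name__ == "__main__":
    for (src, dport), n in find_incrementing_broadcasters(SAMPLE).items():
        print(f"{src} -> {LIMITED_BROADCAST}:{dport} ({n} sequential source ports)")
```

A client that reuses one source port, such as the constructed 68 -> 67 lines in the sample, is not reported because its source port never changes.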








