Firewall Wizards mailing list archives
Port 2301; Address 129.70.136.250
From: "Ferguson, Linwood" <Ferguson () CHASLEVY com>
Date: Thu, 6 May 1999 18:25:20 -0500
I recently installed Gauntlet NT 5 upgrading from NT 2.1. It has a lot more logging of unexpected data on both internal and external ports. I've got two different systems sending two different types of messages I can't understand, and wonder if anyone knows what they are. The first is a NT system running Peoplesoft and Oracle. About every 2 minutes it goes through a series where it first sends an ICMP packet to address 129.70.136.250, then sends netbios name requests to the same address. That address is frigo.TechFak.Uni-Bielefeld.DE. No one here recognizes that address. The system is a server and has no interactive use. I searched the registry and all obvious places for any references to either this name and address - nothing. The address is at a German university, that's all I can tell. Anyone recognize this? My obvious concern is that we have something on that system trying to reach the home system of someone. The other system is a NT server as well freshly installed with SQL Server. It's a Compaq server. Every few minutes it does a broadcast to 255.255.255.255 UPD on port 2301. I saw one note (ironically but unrelatedly in German) that had the word "Insight" in it. This system is running the Compaq insight agents, but I see nothing in there that sets this up. We have another dozen Compaq servers around here also running the Compaq agents that are not doing this. I do not know it is Insight, but am curious what it is. Ring any bells? Thanks in advance, Linwood Ferguson
Current thread:
- Port 2301; Address 129.70.136.250 Ferguson, Linwood (May 07)
- <Possible follow-ups>
- Re: Port 2301; Address 129.70.136.250 Bill Pennington (May 08)