Firewall Wizards mailing list archives

Port 2301; Address 129.70.136.250


From: "Ferguson, Linwood" <Ferguson () CHASLEVY com>
Date: Thu, 6 May 1999 18:25:20 -0500

I recently installed Gauntlet NT 5 upgrading from NT 2.1.  It has a lot
more logging of unexpected data on both internal and external ports.

I've got two different systems sending two different types of messages I
can't understand, and wonder if anyone knows what they are.

The first is an NT system running Peoplesoft and Oracle.  About every 2
minutes it goes through a series where it first sends an ICMP packet to
address 129.70.136.250, then sends netbios name requests to the same
address.  That address is frigo.TechFak.Uni-Bielefeld.DE.  No one here
recognizes that address.  The system is a server and has no interactive
use.  I searched the registry and all obvious places for any references
to either this name or address - nothing.  The address is at a German
university, that's all I can tell.

Anyone recognize this?  My obvious concern is that we have something on
that system trying to reach the home system of someone.

The other system is an NT server as well, freshly installed with SQL
Server.  It's a Compaq server.  Every few minutes it does a broadcast to
255.255.255.255 UDP on port 2301.  I saw one note (ironically but
unrelatedly in German) that had the word "Insight" in it.  This system
is running the Compaq insight agents, but I see nothing in there that
sets this up.  We have another dozen Compaq servers around here also
running the Compaq agents that are not doing this.  I do not know it is
Insight, but am curious what it is.

Ring any bells?

Thanks in advance,

Linwood Ferguson


