Security Incidents mailing list archives
Re: Unknown traffic
From: desmond.irvine () SHERIDANC ON CA (desmond irvine)
Date: Wed, 28 Jun 2000 09:00:01 -0400
I've just started seeing the exact same type of activity within the last two weeks from a local machine here. I suspect it has something to do with HP JetAdmin since here it is only showing up on IP's of printers and it is trying to connect via 161/udp (SNMP) as well. On Tue, 27 Jun 2000, Paul Hancock wrote:
There is a system that is trying to connect to udp ports 55559, 43768, and 54253 on a number of my systems. It tries those ports on a given machine, and then moves on to a seemingly random machine from within my network. Any idea what is running, or what it is trying to connect to? [IPs changed] Jun 27 02:10:26 ppl 74081: %SEC-6-IPACCESSLOGP: list PPL-COPATM-in denied udp 8.1.218.40(2753) -> 207.137.123.164(55559), 1 packet Jun 27 02:10:27 ppl 74082: %SEC-6-IPACCESSLOGP: list PPL-COPATM-in denied udp 8.1.218.40(2754) -> 207.137.123.164(43768), 1 packet Jun 27 02:10:28 ppl 74083: %SEC-6-IPACCESSLOGP: list PPL-COPATM-in denied udp 8.1.218.40(2755) -> 207.137.123.164(54253), 1 packet -- Paul (phancock () lib ci phoenix az us)
Current thread:
- Unknown traffic Paul Hancock (Jun 27)
- Re: Unknown traffic Joe McAlerney (Jun 27)
- Re: Unknown traffic Osvaldo Janeri Filho (Jun 27)
- Re: Unknown traffic desmond irvine (Jun 28)