Security Incidents mailing list archives
RE: Odd traffic generated from Exchange Server
From: "Portnoy, Gary" <gportnoy () belenosinc com>
Date: Wed, 24 Oct 2001 15:18:23 -0400
Anthony,

I believe it is the new-email notification going out from the Exchange server to all the clients. Basically, Exchange uses a UDP packet to tell the Outlook client that a new email has come in and to refresh the view. Like Ryan Hill said in his reply, you can customize the TCP ports that Exchange uses for MTA, IS, DS, etc. connections, but unfortunately the UDP mail notification is completely random and can't be customized.

Later
-Gary-

-----Original Message-----
From: Caruso, Anthony J.
To: INCIDENTS () securityfocus com
Sent: 10/24/01 12:53 PM
Subject: Odd traffic generated from Exchange Server

Hi All:

Outbound ACLs on my router have started picking up traffic originating from one of my Exchange boxes:

Oct 23 10:12:18 router1 list 101 denied udp 10.1.1.1(2643) -> 192.50.50.51(1046)

The source port is usually different and the destination port oscillates between 1046 and 1171. The traffic occurs about every 15 min in quick bursts (incremental source ports), I am running a sniff now. Any ideas?

Exchange 5.5 Sp3, NT 4.0SP6a no additional patches. Internal RFC 1918 addressed Exchange server.

I am putting out an altogether different fire right now, but I will post traces as I get more info.

Thanks.
-Tony

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
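A triage sketch for the pattern discussed in this thread, added here as an example and not part of either poster's message: it groups denied-UDP router log lines into bursts and reports the interval between bursts, the destination ports, and whether source ports increment within a burst. The sample lines are constructed in the format of the quoted log entry; the 30-second burst gap and all function names are assumptions.

```python
import re
from datetime import datetime, timedelta

# Matches the router ACL log format quoted in the original message.
LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) list (\d+) denied "
                     r"(\w+) (\S+)\((\d+)\) -> (\S+)\((\d+)\)$")

# Constructed sample log lines (only the line format comes from the post).
SAMPLE_LOG = """\
Oct 23 10:12:18 router1 list 101 denied udp 10.1.1.1(2643) -> 192.50.50.51(1046)
Oct 23 10:12:18 router1 list 101 denied udp 10.1.1.1(2644) -> 192.50.50.51(1171)
Oct 23 10:12:19 router1 list 101 denied udp 10.1.1.1(2645) -> 192.50.50.51(1046)
Oct 23 10:27:20 router1 list 101 denied udp 10.1.1.1(2701) -> 192.50.50.51(1171)
Oct 23 10:27:21 router1 list 101 denied udp 10.1.1.1(2702) -> 192.50.50.51(1046)
Oct 23 10:42:19 router1 list 101 denied udp 10.1.1.1(2750) -> 192.50.50.51(1046)
"""

def parse(log, year=2001):
    """Yield (timestamp, src, sport, dst, dport) for each denied-UDP line."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group(4) == "udp":
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(5), int(m.group(6)), m.group(7), int(m.group(8))

def bursts(log, gap=timedelta(seconds=30)):
    """Group events per (src, dst) into bursts separated by more than `gap`."""
    out = {}
    for ts, src, sport, dst, dport in sorted(parse(log)):
        runs = out.setdefault((src, dst), [])
        if not runs or ts - runs[-1][-1][0] > gap:
            runs.append([])
        runs[-1].append((ts, sport, dport))
    return out

def summarize(log):
    """Per flow: burst count, minutes between bursts, ports, sequential flag."""
    report = {}
    for flow, runs in bursts(log).items():
        starts = [r[0][0] for r in runs]
        report[flow] = {
            "bursts": len(runs),
            "intervals_min": [round((b - a).total_seconds() / 60)
                              for a, b in zip(starts, starts[1:])],
            "dst_ports": sorted({e[2] for r in runs for e in r}),
            "sequential_sports": all(
                y[1] - x[1] == 1 for r in runs for x, y in zip(r, r[1:])),
        }
    return report
```

A regular interval with incrementing source ports and a small set of destination ports per client matches the behaviour described in the thread; the script only measures the pattern and does not identify the application that sent the packets.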
Current thread:
- Odd traffic generated from Exchange Server Caruso, Anthony J. (Oct 24)
- <Possible follow-ups>
- RE: Odd traffic generated from Exchange Server Ryan Hill (Oct 24)
- RE: Odd traffic generated from Exchange Server Portnoy, Gary (Oct 24)