Security Incidents mailing list archives
Re: Strange UDP Activity
From: Valdis.Kletnieks () vt edu
Date: Tue, 16 Apr 2002 15:03:29 -0400
On Tue, 16 Apr 2002 13:09:30 EDT, Rajiv Dighe <rdighe () SANDVINE com> said:
Port 1067 is also used by Installation Bootstrap Protocol Server. Apparently on default win2k server install this port is utilized. details are available at http://support.microsoft.com/default.aspx?scid=kb;EN-US;q289241 This could be an attempt to map out hosts running win2k servers in default install. This is apparently also used by HP boxes. i.e. you can setup one
Wasn't there an issue where Windows Active Directory would try to find a likely DNS server to register itself in, and if it failed, it would go harass a root server and try to register itself there? This would explain traffic coming back from root servers back to the bootstrap server.... -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech
Attachment:
_bin
Description:
Current thread:
- Strange UDP Activity LAVELLE,MICHAEL (HP-PaloAlto,ex1) (Apr 16)
- Re: Strange UDP Activity Ryan Russell (Apr 16)
- <Possible follow-ups>
- RE: Strange UDP Activity Joe Kattner (Apr 16)
- RE: Strange UDP Activity Rajiv Dighe (Apr 16)
- Re: Strange UDP Activity Valdis . Kletnieks (Apr 16)
- RE: Strange UDP Activity LAVELLE,MICHAEL (HP-PaloAlto,ex1) (Apr 16)
- RE: Strange UDP Activity Jose Nazario (Apr 16)
- Re: Strange UDP Activity Eric Brandwine (Apr 16)
- Re: Strange UDP Activity Jose Nazario (Apr 16)
- Re: Strange UDP Activity Eric Brandwine (Apr 16)
- Re: Strange UDP Activity Stephen Friedl (Apr 16)