Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Stray UDP activity?

From: Jim Watt <wattjg () appliedbiosystems com>
Date: Fri, 08 Mar 2002 14:59:26 -0800
--On 03/08/2002 3:31 PM +0200 sheib wrote:

} I got some strange udp activity on my production machine. I am positive it's
} not due some of my doings; no dns servers running, no udp feeding daemons,
} etc. Snort detects no threat either. This occurs somehow periodicly on every
} hour. It's no udp scan. The very same ports are used all the time.
} 
} 
} <snip>
} 
} 05:56:47.258786 SRC.1028 > DST.38293:                           [udp sum ok]

Almost certainly Norton Antivirus Corporate edition out looking for
clients.  See (for example)
http://lists.gnac.net/pipermail/firewalls/2001-June/083825.html

Jim
--
Jim Watt                               wattjg () appliedbiosystems com
Applied Biosystems                     Voice (desk): +1 408 577 2228
3833 North First Street                Fax:          +1 408 894 9307
San Jose CA 95134-1701                 Voice (main): +1 408 577 2200


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: