RE: exchange server attempting to connect to odd ports
From: Jeff Gercken (JeffG_at_kizan.com)
Date: 07/13/05
- Previous message: Dirk Doerflinger: "WSUS overriding GPO for reboot"
- Maybe in reply to: Matt Bazan: "exchange server attempting to connect to odd ports"
- Next in thread: Roman Daszczyszak: "Re: exchange server attempting to connect to odd ports"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 13 Jul 2005 10:36:13 -0400 To: "Matt Bazan" <Mbazan@onelegal.com>, <focus-ms@securityfocus.com>
Use fport(foundstone), openports(ntsecurity.nu) or portqry V2(tim
rains/microsoft.com) to see which application is bound to the socket
listed as the source of the captured packets. Handle(sysinternals)
might give you more info on the process.
-Jeff
-----Original Message-----
From: Matt Bazan [mailto:Mbazan@onelegal.com]
Sent: Tuesday, July 05, 2005 4:39 PM
To: focus-ms@securityfocus.com
Subject: exchange server attempting to connect to odd ports
Just rebuilt our exchange box and I see it trying to open connections to
the following udp ports:
1140
3069
This is happening to a 192.168 IP address so it's not getting far but I
find it curious. Happens every minute or so. Have scanned for spyware
and run AV software on the box and both have come up empty. Any other
ideas? Thanks.
Matt
------------------------------------------------------------------------
--- ------------------------------------------------------------------------ --- --------------------------------------------------------------------------- ---------------------------------------------------------------------------
- Previous message: Dirk Doerflinger: "WSUS overriding GPO for reboot"
- Maybe in reply to: Matt Bazan: "exchange server attempting to connect to odd ports"
- Next in thread: Roman Daszczyszak: "Re: exchange server attempting to connect to odd ports"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
