Re: Port Scan(?)
From: jklemenc@fnal.govDate: 03/21/02
- Previous message: Lee Leahu: "Re: sniffer cable"
- Maybe in reply to: Adrian Horton: "Port Scan(?)"
- Next in thread: Adrian Horton: "Re: Port Scan(?)"
- Reply: Adrian Horton: "Re: Port Scan(?)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Adrian Horton <adhort02@yahoo.com> From: jklemenc@fnal.gov Date: Thu, 21 Mar 2002 13:28:24 -0600
Sonicwall IRE VPN Client perhaps? Look for IREike.exe in the Task Manager's
process list.
Joe
Adrian Horton
<adhort02@yahoo.c To: security-basics@securityfocus.com
om> cc:
Subject: Port Scan(?)
03/20/2002 01:41
PM
The incidents@securityfocus.com owner rejected this
post so can anyone here make sense of this?
On my 10.1.2.0/24 network, I discovered (with
Ethereal) that one of my hosts (10.1.2.112) was
broadcasting UDP packets to 255.255.255.255 to port
62516.
The *source port* though was incrementing by one after
every packet. That host machine is running Windows
2000.
Anyone know what kind of activity this is? It seems
the opposite of a port scan and it is inside my
private network. I know which machine it is, I just
can't figure out what it was doing so I disconnected
it from the network until I figure it out.
Thanks,
AH
__________________________________________________
Do You Yahoo!?
Yahoo! Sports - live college hoops coverage
http://sports.yahoo.com/
- Previous message: Lee Leahu: "Re: sniffer cable"
- Maybe in reply to: Adrian Horton: "Port Scan(?)"
- Next in thread: Adrian Horton: "Re: Port Scan(?)"
- Reply: Adrian Horton: "Re: Port Scan(?)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
