Re: Port Scan(?)

From: Sumit Chaudhary (chaudharysumit_at_netscape.net)
Date: 10/12/04

    Date: 12 Oct 2004 20:34:19 -0000
    To: security-basics@securityfocus.com
    In-Reply-To: <OFC6F4EBD6.B9A3574D-ON86256B83.006AE482@fnal.gov>

    Can you tell me the reason behind this broadcast? My customer's IDS is having an allergy to these broadcasts.

    Thank you in advance.

    -Sumit

    >Subject: Re: Port Scan(?)
    >To: Adrian Horton <adhort02@yahoo.com>
    >Cc: security-basics@securityfocus.com
    >X-Mailer: Lotus Notes Release 5.0.6a January 17, 2001
    >Message-ID: <OFC6F4EBD6.B9A3574D-ON86256B83.006AE482@fnal.gov>
    >From: jklemenc@fnal.gov
    >Date: Thu, 21 Mar 2002 13:28:24 -0600
    >
    >
    >Sonicwall IRE VPN Client perhaps? Look for IREike.exe in the Task Manager's
    >process list.
    >
    >Joe
    >
    >
    >
    >
    > Adrian Horton <adhort02@yahoo.com>
    > To: security-basics@securityfocus.com
    > cc:
    > Subject: Port Scan(?)
    > 03/20/2002 01:41 PM
    >
    >
    >
    >
    >
    >
    >The incidents@securityfocus.com owner rejected this
    >post so can anyone here make sense of this?
    >
    >On my 10.1.2.0/24 network, I discovered (with
    >Ethereal) that one of my hosts (10.1.2.112) was
    >broadcasting UDP packets to 255.255.255.255 to port
    >62516.
    >The *source port* though was incrementing by one after
    >every packet. That host machine is running Windows
    >2000.
    >
    >Anyone know what kind of activity this is? It seems
    >the opposite of a port scan and it is inside my
    >private network. I know which machine it is, I just
    >can't figure out what it was doing so I disconnected
    >it from the network until I figure it out.
    >
    >Thanks,
    >
    >AH
    >
    >
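
The pattern described in the quoted post (one host sending UDP to 255.255.255.255 on a fixed destination port, with the source port rising by one per packet) can be picked out of a capture summary when triaging an IDS alert like this one. This is an added example, not part of the thread; the one-line-per-packet format, the source port numbers and the other hosts in the sample are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed capture summary (not real Ethereal output), one packet per line:
#   <src_ip>:<src_port> > <dst_ip>:<dst_port> UDP
SAMPLE = """\
10.1.2.112:1045 > 255.255.255.255:62516 UDP
10.1.2.112:1046 > 255.255.255.255:62516 UDP
10.1.2.37:138 > 10.1.2.255:138 UDP
10.1.2.112:1047 > 255.255.255.255:62516 UDP
10.1.2.112:1048 > 255.255.255.255:62516 UDP
10.1.2.50:68 > 255.255.255.255:67 UDP
10.1.2.50:68 > 255.255.255.255:67 UDP
10.1.2.112:1049 > 255.255.255.255:62516 UDP
"""

LINE = re.compile(r"^(\S+):(\d+) > (\S+):(\d+) UDP$")
LIMITED_BROADCAST = "255.255.255.255"


def find_incrementing_broadcasters(text, min_run=4):
    """Return {(src_ip, dst_port): longest run} for hosts whose limited-broadcast
    UDP packets to one destination port use source ports that step up by one."""
    ports = defaultdict(list)
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that are not in the assumed format
        src, sport, dst, dport = m.group(1), int(m.group(2)), m.group(3), int(m.group(4))
        if dst == LIMITED_BROADCAST:
            ports[(src, dport)].append(sport)

    findings = {}
    for key, seq in ports.items():
        longest = run = 1
        for prev, cur in zip(seq, seq[1:]):
            # A repeated source port (e.g. DHCP's 68) or a gap resets the run.
            run = run + 1 if cur == prev + 1 else 1
            longest = max(longest, run)
        if longest >= min_run:
            findings[key] = longest
    return findings


if __name__ == "__main__":
    for (src, dport), run in find_incrementing_broadcasters(SAMPLE).items():
        print(f"{src} -> {LIMITED_BROADCAST}:{dport}: {run} packets, source port +1 each")
```

A hit only says which host and destination port to look at; identifying the responsible process on that host (as the reply suggests with the Task Manager process list) is still the step that explains the traffic.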

