Re: Port Scan(?)
From: Sumit Chaudhary (chaudharysumit_at_netscape.net)
Date: 10/12/04
- Previous message: Sullivan, Glenn: "RE: Tutorial on writing to Registery"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 12 Oct 2004 20:34:19 -0000 To: security-basics@securityfocus.com('binary' encoding is not supported, stored as-is) In-Reply-To: <OFC6F4EBD6.B9A3574D-ON86256B83.006AE482@fnal.gov>
Can you tell me the reason behind this broadcast? IDS of my customer is having allergy with these broadcasts.
Thank you in advance.
-Sumit
>Received: (qmail 12742 invoked from network); 22 Mar 2002 18:34:11 -0000
>Received: from outgoing3.securityfocus.com (HELO outgoing.securityfocus.com) (66.38.151.27)
> by mail.securityfocus.com with SMTP; 22 Mar 2002 18:34:11 -0000
>Received: from lists.securityfocus.com (lists.securityfocus.com [66.38.151.19])
> by outgoing.securityfocus.com (Postfix) with QMQP
> id 1AC9CA3197; Fri, 22 Mar 2002 10:28:27 -0700 (MST)
>Mailing-List: contact security-basics-help@securityfocus.com; run by ezmlm
>Precedence: bulk
>List-Id: <security-basics.list-id.securityfocus.com>
>List-Post: <mailto:security-basics@securityfocus.com>
>List-Help: <mailto:security-basics-help@securityfocus.com>
>List-Unsubscribe: <mailto:security-basics-unsubscribe@securityfocus.com>
>List-Subscribe: <mailto:security-basics-subscribe@securityfocus.com>
>Delivered-To: mailing list security-basics@securityfocus.com
>Delivered-To: moderator for security-basics@securityfocus.com
>Received: (qmail 20833 invoked from network); 21 Mar 2002 19:26:29 -0000
>Subject: Re: Port Scan(?)
>To: Adrian Horton <adhort02@yahoo.com>
>Cc: security-basics@securityfocus.com
>X-Mailer: Lotus Notes Release 5.0.6a January 17, 2001
>Message-ID: <OFC6F4EBD6.B9A3574D-ON86256B83.006AE482@fnal.gov>
>From: jklemenc@fnal.gov
>Date: Thu, 21 Mar 2002 13:28:24 -0600
>X-MIMETrack: Serialize by Router on BSSMAIL1/Fermilab/US(Release 5.0.9 |November 16, 2001) at
> 03/21/2002 01:28:29 PM
>MIME-Version: 1.0
>Content-type: text/plain; charset=us-ascii
>
>
>Sonicwall IRE VPN Client perhaps? Look for IREike.exe in the Task Manager's
>process list.
>
>Joe
>
>
>
>
> Adrian Horton
> <adhort02@yahoo.c To: security-basics@securityfocus.com
> om> cc:
> Subject: Port Scan(?)
> 03/20/2002 01:41
> PM
>
>
>
>
>
>
>The incidents@securityfocus.com owner rejected this
>post so can anyone here make sense of this?
>
>On my 10.1.2.0/24 network, I discovered (with
>Ethereal) that one of my hosts (10.1.2.112) was
>broadcasting UDP packets to 255.255.255.255 to port
>62516.
>The *source port* though was incrementing by one after
>every packet. That host machine is running Windows
>2000.
>
>Anyone know what kind of activity this is? It seems
>the opposite of a port scan and it is inside my
>private network. I know which machine it is, I just
>can't figure out what it was doing so I disconnected
>it from the network until I figure it out.
>
>Thanks,
>
>AH
>
>
>__________________________________________________
>Do You Yahoo!?
>Yahoo! Sports - live college hoops coverage
>http://sports.yahoo.com/
>
>
>
>
>
- Previous message: Sullivan, Glenn: "RE: Tutorial on writing to Registery"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
