Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Odd traffic generated from Exchange Server
From: "Caruso, Anthony J." <acaruso () fna com>
Date: Wed, 24 Oct 2001 11:53:09 -0500
Hi All:

Outbound ACLs on my router has started picking up traffic originating from
one of my Exchange boxes:

Oct 23 10:12:18 router1 list 101 denied udp 10.1.1.1(2643) ->
192.50.50.51(1046)

The source port is usually different and the destination port oscillates
between 1046 and 1171.  The traffic occurs about every 15 min in quick
bursts (incremental source ports), I am running a sniff now.

Any ideas?

Exchange 5.5 Sp3, NT 4.0SP6a no additional patches.  Internal RFC 1918
addressed Exchange server.

I am putting out an altogether different fire right now, but I will post
traces as I get more info.

Thanks.
-Tony

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]