Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

RE: Odd traffic generated from Exchange Server - Resolved
From: "Caruso, Anthony J." <acaruso () fna com>
Date: Fri, 26 Oct 2001 16:57:59 -0500
All:

Thanks to Gary & Ryan.  

Turns out a machine that dials up to our network has his NIC set to
192.50.50.51 (I have sent him a copy of RFC 1918!).  When the Outlook client
tells Exchange his address, apparently all addresses are included and
Exchange doesn't bother checking the source address (turn this over to
vul-dev :-)).

So, that is why the Exchange server sends the UDP packets to the bizarre
address.

Many thanks to the Ethereal team too!

If anyone wants to see the traffic sample, let me know.

-Tony



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

  By Date           By Thread  

Current thread:
  • RE: Odd traffic generated from Exchange Server - Resolved Caruso, Anthony J. (Oct 27)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]