Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Help!!

From: Jose Alberto Arce <beto () siberiano aragon unam mx>
Date: Thu, 10 Mar 2005 18:59:12 -0600 (CST)
Hi all.
I've seen since last monday on my network, some addresses sending 
multicast to address 234.11.11.12, using UPD 8991. I googled a little 
bit and I didn't find anything related to that multicast. Last two 
packets captured are:

17:29:43.295448 ethertype IPv4 (0x0800), length 99: IP (tos 0x0, ttl 3, id
4299, offset 0, flags [none], length: 85) xxx.xxx.xxx.xxx.1034 >
234.11.11.12.8991: UDP, length: 57
17:29:43.311066 ethertype IPv4 (0x0800), length 99: IP (tos 0x0, ttl 3, id
4300, offset 0, flags [none], length: 85) xxx.xxx.xxx.xxx.1034 >
234.11.11.12.8991: UDP, length: 57

Any ideas of what device or program might be producing this traffic?
Thanks
OA
Previous By Date Next
Previous By Thread Next

Current thread: