Hi All: Outbound ACLs on my router has started picking up traffic originating from one of my Exchange boxes: Oct 23 10:12:18 router1 list 101 denied udp 10.1.1.1(2643) -> 192.50.50.51(1046) The source port is usually different and the destination port oscillates between 1046 and 1171. The traffic occurs about every 15 min in quick bursts (incremental source ports), I am running a sniff now. Any ideas? Exchange 5.5 Sp3, NT 4.0SP6a no additional patches. Internal RFC 1918 addressed Exchange server. I am putting out an altogether different fire right now, but I will post traces as I get more info. Thanks. -Tony ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Oct 24 2001 - 10:02:20 PDT