Anthony, I believe it is the new-email notification going out from the Exchange server to all the clients. Basically, Exchange uses a UDP packet to tell the Outlook client that a new email has come in and to refresh the view. Like Ryan Hill said in his reply, you can customize the TCP ports that Exchange uses for MTA, IS, DS, etc connections, but unfortunately the UDP mail notification is completely random and can't be customized. Later -Gary- -----Original Message----- From: Caruso, Anthony J. To: INCIDENTSat_private Sent: 10/24/01 12:53 PM Subject: Odd traffic generated from Exchange Server Hi All: Outbound ACLs on my router has started picking up traffic originating from one of my Exchange boxes: Oct 23 10:12:18 router1 list 101 denied udp 10.1.1.1(2643) -> 192.50.50.51(1046) The source port is usually different and the destination port oscillates between 1046 and 1171. The traffic occurs about every 15 min in quick bursts (incremental source ports), I am running a sniff now. Any ideas? Exchange 5.5 Sp3, NT 4.0SP6a no additional patches. Internal RFC 1918 addressed Exchange server. I am putting out an altogether different fire right now, but I will post traces as I get more info. Thanks. -Tony ------------------------------------------------------------------------ ---- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Oct 24 2001 - 12:33:00 PDT