RE: Odd traffic generated from Exchange Server - Resolved

From: Caruso, Anthony J. (acarusoat_private)
Date: Fri Oct 26 2001 - 14:57:59 PDT

  • Next message: Russell Fulton: "Use of HEAD in web server scan"

    All:
    
    Thanks to Gary & Ryan.  
    
    Turns out a machine that dials up to our network has his NIC set to
    192.50.50.51 (I have sent him a copy of RFC 1918!).  When the Outlook client
    tells Exchange his address, apparently all addresses are included and
    Exchange doesn't bother checking the source address (turn this over to
    vul-dev :-)).
    
    So, that is why the Exchange server sends the UDP packets to the bizarre
    address.
    
    Many thanks to the Ethereal team too!
    
    If anyone wants to see the traffic sample, let me know.
    
    -Tony
    
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Fri Oct 26 2001 - 15:26:35 PDT