--On 03/08/2002 3:31 PM +0200 sheib wrote: } I got some strange udp activity on my production machine. I am positive it's } not due some of my doings; no dns servers running, no udp feeding daemons, } etc. Snort detects no threat either. This occurs somehow periodicly on every } hour. It's no udp scan. The very same ports are used all the time. } } } <snip> } } 05:56:47.258786 SRC.1028 > DST.38293: [udp sum ok] Almost certainly Norton Antivirus Corporate edition out looking for clients. See (for example) http://lists.gnac.net/pipermail/firewalls/2001-June/083825.html Jim -- Jim Watt wattjgat_private Applied Biosystems Voice (desk): +1 408 577 2228 3833 North First Street Fax: +1 408 894 9307 San Jose CA 95134-1701 Voice (main): +1 408 577 2200 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Mar 10 2002 - 17:03:24 PST