Have you tried sniffing the traffic and looking at the data inside? have you connected to these ports on your hosts? have you connected to the machines and seen what processes have those sockets (if *nix fuser/lsof). If it is in your power to do these things, this is how you can investigate yourself before posting to these lists. On Tue, 4 Mar 2003, Patrick Webster wrote: > Hi All, > > I'm seeing lots of UDP packets on port 41170 from hundreds of source > addresses - in fact i seem to be getting them every 3 seconds or so. > > Also, for every, say, 10 port 41170 packets detected, I'm seeing TCP > packets, destination port 35175, 35429 and 38592. > > Any ideas? > > -Patrick ---------------------------------------------------------------------------- <Pre>Lose another weekend managing your IDS? Take back your personal time. 15-day free trial of StillSecure Border Guard.</Pre> <A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
This archive was generated by hypermail 2b30 : Tue Mar 04 2003 - 10:28:59 PST