RE: Anyone seen this UDP source port 7001 traffic?

From: Taz (taz@taz-mania.com)
Date: Mon Apr 28 2003 - 10:14:53 PDT

Next message: Neil Dickey: "Re: lots of port 0 scannings"

Previous message: Brad Doctor: "Re: lots of port 0 scannings"
In reply to: Michael Lau: "Re: Anyone seen this UDP source port 7001 traffic?"
Next in thread: Tina Bird: "Re: Anyone seen this UDP source port 7001 traffic?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

It is also the default port for BEA weblogic J2EE servers. This is a common
port for application servers

-----Original Message-----
From: Michael Lau [mailto:michaelat_private]
Sent: Saturday, April 26, 2003 5:34 PM
To: incidentsat_private
Subject: Re: Anyone seen this UDP source port 7001 traffic?

In-Reply-To:
<D3E721E0EEA4B74792D6CDE53CA13721B2AA49at_private>

I have seen this in my firewall log also.  Signed out of MSN Messenger.
It stopped.  Upon check on the Net.  Found the following on port 7001.

[OpenAFS] AFS-Client behind masquerading firewall
... All output from the client cache manager exits via UDP port 7001, and
all responses
to the cache manager (including callbacks) return via UDP port 7001. ...
https://lists.openafs.org/pipermail/openafs-info/ 2001-
January/000173.html - 5k - Cached - Similar pages

Don't quit know what AFS is.  Seems to have something to do with IBM
Webspere software.

----------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the
world's premier event for IT and network security experts.  The two-day
Training features 6 hand-on courses on May 12-13 taught by professionals.
The two-day Briefings on May 14-15 features 24 top speakers with no vendor
sales pitches.  Deadline for the best rates is April 25.  Register today to
ensure your place. http://www.securityfocus.com/BlackHat-incidents
----------------------------------------------------------------------------

----------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the 
world's premier event for IT and network security experts.  The two-day 
Training features 6 hand-on courses on May 12-13 taught by professionals.  
The two-day Briefings on May 14-15 features 24 top speakers with no vendor 
sales pitches.  Deadline for the best rates is April 25.  Register today to 
ensure your place. http://www.securityfocus.com/BlackHat-incidents 
----------------------------------------------------------------------------

Next message: Neil Dickey: "Re: lots of port 0 scannings"
Previous message: Brad Doctor: "Re: lots of port 0 scannings"
In reply to: Michael Lau: "Re: Anyone seen this UDP source port 7001 traffic?"
Next in thread: Tina Bird: "Re: Anyone seen this UDP source port 7001 traffic?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Apr 29 2003 - 15:13:04 PDT