We now think that this is related to the Corporate Edition of Norton AntiVirus. There is some sort of scanning involved there, but I'm not very clear on the details. Our LAN people just rolled this version out into our network a couple of weeks ago which explains why I wasn't seeing it in the past.
Thanks for the research! John >>> "Steven A. Ridder" 2/13/02 1:00:53 PM >>> I found three that it could be. Any of the other ports open listed below? I hope this comes through readable... 1. Pal Talk [support page] (Watch Out! Opens a wide port range!) IN UDP 2090 [voice] IN UDP 2091 [control stream] IN TCP 2090 [file transfer] IN TCP 2091 [video listening] IN TCP 2095 [file transfer- older versions] OUT TCP 5001 - 50015 [text messaging] OUT TCP 8200 - 8700 [Firewall / network mode group voice] OUT UDP 8200 - 8700 [Firewall / network mode group voice] OUT UDP 1025 - 2500 [outbound voice & control stream (user configurable)] The last 2 UDP outbound ports are usually set in pairs. 1024 - 1025, 1026 - 1027, etc... Most users never have to set these lower two ports. They are dynamically assigned if you leave the lower two boxes set to 0's on the 'paltalk port settings' tab. Outbound ports are usually not an issue but are listed here for network users who may need to manually configure for a proxy or NAT server or other hardware device. 2. Everquest (it's a videogame) (Watch Out! Opens a wide port range!) See this Everquest page for more info IN TCP 1024 7000 IN UDP 1024 6000 Note: May have to open this last UDP range even wider 3. CarbonCopy32 host on your LAN (Watch Out! Opens a wide port range!) IN TCP 1680 IN UDP 1023-1679 ""John Neiberger"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > After watching a sniffer connected to one of our LANs we're seeing a lot > of different clients attempting to reach UDP port 1034 on one of our > primary servers. The source UDP port is in the range 1026-1033. I'm > not able to find any good information regarding these ports. > > Some sites say that some of these are used by BBN Integrated Access > Devices. I have no idea what those are and I'm pretty sure we don't > have any around. :-) > > Other pages mention that 1032-1034 are used for rstatd, rusers, and > walld. Again, I don't really know what those are but it looks like > they'd be more appropriate in a unix context. > > Any ideas? > > Thanks! > John Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=35335&t=35331 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
