Looks like he has NTP setup to sync to an external resource, depending on what version of ESX he has , the setup should be somewhere here
From: Raper, Jonathan - Eagle [mailto:[email protected]] Sent: Thursday, September 16, 2010 11:23 AM To: NT System Admin Issues Subject: security concern - ESX host repeatedly hitting external IP... We're getting ready to decommission an old router, and almost all of the traffic to and through it (except broadcast) has stopped. I'm reviewing the syslog, and keep seeing this: 9/16/2010 8:36:50 AM [Internal Router Private IP Address] Informational SEC-6-IPACCESSLOGP 651364: 44w0d: %SEC-6-IPACCESSLOGP: list permit_any permitted udp [ESX Private IP Address](0) -> 72.18.205.156(0), 1 packet I've asked our VMware admin to look over his host configuration to make sure he isn't pointing to the old router, but he says everything is "fine." Anyone else seen this or have any ideas as to why I'm seeing this traffic? Upon Googling said IP Address, it appears that it may be part of pool.ntp.org, but I cannot confirm this. This host is located in Warminster, PA, according to some sites. Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians & Associates, PA [email protected] www.eaglemds.com ________________________________ Any medical information contained in this electronic message is CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to view, copy, disclose, or disseminate CONFIDENTIAL information. This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and/or entity named as recipients in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete this material from your computer. Do not deliver, distribute or copy this message, and do not disclose its contents or take any action in reliance on the information that it contains. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin _________________________________________________________ This e-mail, including attachments, contains information that is confidential and may be protected by attorney/client or other privileges. This e-mail, including attachments, constitutes non-public information intended to be conveyed only to the designated recipient(s). If you are not an intended recipient, you are hereby notified that any unauthorized use, dissemination, distribution or reproduction of this e-mail, including attachments, is strictly prohibited and may be unlawful. If you have received this e-mail in error, please notify me by e-mail reply and delete the original message and any attachments from your system. _________________________________________________________ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
<<image001.png>>
