mDNS is a broadcast/multicast protocol that is not routable normally. You
can check those hosts to see if they have anything attached to UDP 5353, as
that is the typical mDNS client port. I would be surprised, though, if what
you are seeing is mDNS.

 

ZT
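
One way to run the check suggested above and to see which services sit behind a svchost.exe PID, as an added example that is not part of the original thread. It assumes Windows 8 / Server 2012 or later (for `Get-NetUDPEndpoint`) and an elevated PowerShell prompt; the port list is taken from the thread.

```powershell
# Added example, not from the thread. Assumes Windows 8 / Server 2012 or later.
# Lists every local UDP binding on the ports discussed (500 = IKE, 5353 = mDNS)
# together with the owning process and, for service hosts, the hosted services.
$ports = 500, 5353

# Map each PID to the services it hosts (one svchost.exe can host several).
$servicesByPid = @{}
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    ForEach-Object { $servicesByPid[[int]$_.ProcessId] += @($_.Name) }

Get-NetUDPEndpoint |
    Where-Object { $ports -contains $_.LocalPort } |
    ForEach-Object {
        $procId = [int]$_.OwningProcess
        # The process may have exited between the two queries.
        $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress = $_.LocalAddress
            LocalPort    = $_.LocalPort
            PID          = $procId
            Process      = if ($proc) { $proc.ProcessName } else { '<exited>' }
            Services     = ($servicesByPid[$procId] -join ', ')
        }
    } |
    Sort-Object LocalPort, PID |
    Format-Table -AutoSize
```

UDP is connectionless, so this shows only which process holds the local port, not the remote addresses it sends to; those still have to come from a packet capture.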

 

From: [email protected]
[mailto:[email protected]] On Behalf Of Craig Freyman
Sent: Wednesday, August 25, 2010 3:33 PM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] Strange Traffic

 

I think it might be Bonjour?

 

 [mDNSResponder.exe]  UDP    [::]:500               *:*               1044

On Wed, Aug 25, 2010 at 1:27 PM, Craig Freyman <[email protected]> wrote:

A lot. Is there a utility like process explorer that can tell me the
subprocesses of svchost and the port they're using?

 

On Wed, Aug 25, 2010 at 12:09 PM, Bugbear <[email protected]> wrote:

Also what is running under SVCHOST?


On Wed, Aug 25, 2010 at 2:05 PM, Vincent Lape <[email protected]> wrote:
> Can you give a tcpdump of the traffic?
>
>
>
> On Aug 25, 2010, at 10:54 AM, Craig Freyman <[email protected]> wrote:
>
> I'm trying to understand why a number of client computers are sending UDP
> 500 traffic to strange places. For example, from one machine it is sending
> traffic to 209.85.225.166 which is owned by Google. Netstat tells me that
> the traffic is originating from SVCHOST.
> I thought UDP 500 was used for IKE but is it also used for some sort of
> keep alive? I'm confused!
> Thanks,
> C
>
>
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
>