-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It would be best if you could actually get a dump of the packets with something like tcpdump or windump. 255.255.255.255 is obviously a broadcast address. I would guess it is some kind of program or service running that is broadcasting. What programs are running on the machine when it does this? What software is loaded on it?

Regards,
Leon

- -----Original Message-----
From: Adrian Horton [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 20, 2002 2:42 PM
To: [EMAIL PROTECTED]
Subject: Port Scan(?)

The [EMAIL PROTECTED] owner rejected this post so can anyone here make sense of this?

On my 10.1.2.0/24 network, I discovered (with Ethereal) that one of my hosts (10.1.2.112) was broadcasting UDP packets to 255.255.255.255 to port 62516. The *source port* though was incrementing by one after every packet. That host machine is running Windows 2000. Anyone know what kind of activity this is? It seems the opposite of a port scan and it is inside my private network. I know which machine it is, I just can't figure out what it was doing so I disconnected it from the network until I figure it out.

Thanks,
AH

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBPKDgsNqAgf0xoaEuEQKOZwCggZI2BgtBfozxI7Xo2LHStP7WUz8AoO6m
TA4SVHkzwSQkp61zlIW7x0a2
=9elQ
-----END PGP SIGNATURE-----
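
Once a packet dump exists, the pattern described in this thread (one host sending UDP to 255.255.255.255 on a fixed destination port while the source port steps by one) can be picked out of a classic pcap file with a short script. This is an added example, not part of the original messages; the function names, the starting source port 1025 and the constructed sample capture are assumptions made for illustration.

```python
import socket
import struct
from collections import defaultdict

def build_sample_pcap(src="10.1.2.112", dport=62516, first_sport=1025, count=5, step=1):
    """Constructed capture (not real traffic): Ethernet/IPv4/UDP broadcasts."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # pcap global header
    for i in range(count):
        udp = struct.pack("!HHHH", first_sport + i * step, dport, 8, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), i, 0, 128, 17, 0,
                         socket.inet_aton(src), socket.inet_aton("255.255.255.255"))
        frame = b"\xff" * 6 + b"\x00\x01\x02\x03\x04\x05" + b"\x08\x00" + ip + udp
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

def udp_broadcasts(pcap):
    """Yield (src_ip, src_port, dst_port) for each UDP packet sent to 255.255.255.255."""
    (magic,) = struct.unpack_from("<I", pcap, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("only little-endian classic pcap is handled here")
    off = 24  # skip the global header
    while off + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack_from("<IIII", pcap, off)
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4 over Ethernet
        ihl = (frame[14] & 0x0F) * 4
        if frame[23] != 17 or frame[30:34] != b"\xff\xff\xff\xff":
            continue  # not UDP, or not the limited broadcast address
        if len(frame) < 14 + ihl + 8:
            continue  # truncated UDP header
        sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
        yield socket.inet_ntoa(frame[26:30]), sport, dport

def incrementing_senders(pcap, min_packets=3):
    """Return {(src_ip, dst_port): [src_ports]} where every source port is previous + 1."""
    seen = defaultdict(list)
    for src, sport, dport in udp_broadcasts(pcap):
        seen[(src, dport)].append(sport)
    return {key: ports for key, ports in seen.items()
            if len(ports) >= min_packets
            and all(b - a == 1 for a, b in zip(ports, ports[1:]))}

if __name__ == "__main__":
    for (src, dport), ports in incrementing_senders(build_sample_pcap()).items():
        print(f"{src} -> 255.255.255.255:{dport} source ports {ports[0]}..{ports[-1]}")
```

The script only flags the traffic pattern; identifying the responsible program still requires checking which process owns the sockets on the host.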