Security Basics mailing list archives
Re: Help!!
From: "Eric McCarty" <eric () piteduncan com>
Date: Fri, 11 Mar 2005 11:30:31 -0800
First off, Multicast = > 1 Address. Unicast = 1 Address. Broadcast = All addresses.

Next, since the source IPs are apparently on your LAN, I would say sniff the traffic from those machines; I would bet it's spyware/adware communications.

Good luck.

Eric.

On Thu, 2005-03-10 at 18:59 -0600, Jose Alberto Arce wrote:
Hi all.

I've seen since last Monday on my network, some addresses sending multicast to address 234.11.11.12, using UDP 8991. I googled a little bit and I didn't find anything related to that multicast.

Last two packets captured are:

17:29:43.295448 ethertype IPv4 (0x0800), length 99: IP (tos 0x0, ttl 3, id 4299, offset 0, flags [none], length: 85) xxx.xxx.xxx.xxx.1034 > 234.11.11.12.8991: UDP, length: 57
17:29:43.311066 ethertype IPv4 (0x0800), length 99: IP (tos 0x0, ttl 3, id 4300, offset 0, flags [none], length: 85) xxx.xxx.xxx.xxx.1034 > 234.11.11.12.8991: UDP, length: 57

Any ideas of what device or program might be producing this traffic?

Thanks
OA
--
Eric C. McCarty
Systems Administrator
Pite Duncan & Melmet, LLP
eric () piteduncan com
619 590-1300 x 2060
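
Added example, not part of either message in the thread: a small Python script that reads verbose tcpdump output in the format quoted above and lists which LAN hosts are sending UDP to which multicast group and port, which is the first thing to establish before sniffing the individual machines. The sample lines are constructed, the 192.168.1.x sources are placeholders for the addresses redacted in the thread, and the allowlist of known groups is a hypothetical local setting.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in the tcpdump format quoted in the thread.
# The 192.168.1.x sources are placeholders; the thread redacts the real ones.
SAMPLE = """\
17:29:43.295448 ethertype IPv4 (0x0800), length 99: IP (tos 0x0, ttl 3, id 4299, offset 0, flags [none], length: 85) 192.168.1.23.1034 > 234.11.11.12.8991: UDP, length: 57
17:29:43.311066 ethertype IPv4 (0x0800), length 99: IP (tos 0x0, ttl 3, id 4300, offset 0, flags [none], length: 85) 192.168.1.23.1034 > 234.11.11.12.8991: UDP, length: 57
17:29:44.100000 ethertype IPv4 (0x0800), length 99: IP (tos 0x0, ttl 3, id 811, offset 0, flags [none], length: 85) 192.168.1.57.1040 > 234.11.11.12.8991: UDP, length: 57
17:29:44.200000 ethertype IPv4 (0x0800), length 74: IP (tos 0x0, ttl 64, id 900, offset 0, flags [none], length: 60) 192.168.1.23.1035 > 192.168.1.1.53: UDP, length: 32
17:29:44.300000 ethertype IPv4 (0x0800), length 74: IP (tos 0x0, ttl 1, id 12, offset 0, flags [none], length: 60) 192.168.1.9.5353 > 224.0.0.251.5353: UDP, length: 32
"""

# Matches "<src ip>.<src port> > <dst ip>.<dst port>: UDP" after the IP header summary.
LINE = re.compile(
    r"\) (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): UDP"
)

def multicast_senders(text):
    """Map (group, port) -> {source IP: packet count} for UDP sent to 224.0.0.0/4."""
    groups = defaultdict(lambda: defaultdict(int))
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a UDP line in the expected format
        if ipaddress.ip_address(m["dst"]).is_multicast:
            groups[(m["dst"], int(m["dport"]))][m["src"]] += 1
    return {key: dict(hosts) for key, hosts in groups.items()}

def unexpected_groups(senders, known=frozenset({"224.0.0.251"})):
    """Drop groups on a local allowlist (hypothetical; here only mDNS)."""
    return {key: hosts for key, hosts in senders.items() if key[0] not in known}

if __name__ == "__main__":
    for (group, port), hosts in unexpected_groups(multicast_senders(SAMPLE)).items():
        print(f"{group}:{port}")
        for host, count in sorted(hosts.items()):
            print(f"  {host}  {count} packet(s)")
```
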