Security Incidents mailing list archives
Re: Unknown traffic
From: joey () SILICONDEFENSE COM (Joe McAlerney)
Date: Tue, 27 Jun 2000 16:28:21 -0700
Well, since two of those port numbers match, this _may_ be the culprit: Web JetAdmin Package Manager Installed on: supported Linux, Solaris and HP-UX systems Path: /opt/fpmd Listener Port: 54253 Purpose: Performs installation of packages for Web JetAdmin software Print Server Manager Installed on: supported Linux, Solaris and HP-UX systems Path: /opt/ppsweb Listener Port: 55559 Purpose: provides communication channel for Web JetAdmin remote printer installation from: http://www.hp.com/cposupport/networking/support_doc/bpj06419.html -Joe M. Paul Hancock wrote:
There is a system that is trying to connect to udp ports 55559, 43768, and 54253 on a number of my systems. It tries those ports on a given machine, and then moves on to a seemingly random machine from within my network. Any idea what is running, or what it is trying to connect to? [IPs changed] Jun 27 02:10:26 ppl 74081: %SEC-6-IPACCESSLOGP: list PPL-COPATM-in denied udp 8.1.218.40(2753) -> 207.137.123.164(55559), 1 packet Jun 27 02:10:27 ppl 74082: %SEC-6-IPACCESSLOGP: list PPL-COPATM-in denied udp 8.1.218.40(2754) -> 207.137.123.164(43768), 1 packet Jun 27 02:10:28 ppl 74083: %SEC-6-IPACCESSLOGP: list PPL-COPATM-in denied udp 8.1.218.40(2755) -> 207.137.123.164(54253), 1 packet -- Paul (phancock () lib ci phoenix az us)
Current thread:
- Unknown traffic Paul Hancock (Jun 27)
- Re: Unknown traffic Joe McAlerney (Jun 27)
- Re: Unknown traffic Osvaldo Janeri Filho (Jun 27)
- Re: Unknown traffic desmond irvine (Jun 28)