Security Incidents mailing list archives
Re: Unknown Broadcast Traffic
From: Daniel Martin <dtmartin24 () HOME COM>
Date: Mon, 29 Jan 2001 11:31:01 -0500
claymore <claymore () ADELPHIA NET> writes:
I am trying to figure out what is causing the traffic shown below. I cannot find anything that would create it and have been receiving continued reports. Has anyone seen this? Claymore the unprofound FWIN 2001/01/22 18:14:46 -5:00 GMT 24.50.40.65:1027 24.255.255.255:39213 UDP FWIN 2001/01/22 18:14:46 -5:00 GMT 24.50.40.65:1028 24.255.255.255:39213 UDP
<more of same snipped> UDP port 39213 is used by the Sygate Home Network Manager - a web search (via google) will pop up other reports of this. (sometimes, the source UDP address is in the private 192.168.* address space) In all likelihood, this means that some poor adelphia.net user has bought a Sygate Home Network firewall product and failed to configure it correctly before connecting it to their cable modem. As the only bugtraq article I can find about Sygate seems to indicate a hole via TCP port 7323 connections, it is unlikely that this was looking to exploit anything.
Current thread:
- Re: Template Admin Notification, (continued)
- Re: Template Admin Notification Jim Littlefield (Jan 24)
- Re: Template Admin Notification Rick Ballard (Jan 24)
- Re: Template Admin Notification Timothy Lyons (Jan 24)
- Re: Template Admin Notification Tim (Jan 25)
- Re: Template Admin Notification Glenn Forbes Fleming Larratt (Jan 25)
- Re: Template Admin Notification Dave Salovesh (Jan 25)
- Re: Template Admin Notification Irwin R. Naumann (Jan 25)
- Re: Template Admin Notification Forrester, Mike (Jan 25)
- Re: Template Admin Notification Russell Fulton (Jan 25)
- Unknown Broadcast Traffic claymore (Jan 29)
- Re: Unknown Broadcast Traffic Daniel Martin (Jan 29)
- Re: Template Admin Notification Russell Fulton (Jan 25)
- Re: Template Admin Notification Forrester, Mike (Jan 29)