Security Incidents mailing list archives
Re: Unknown Broadcast Traffic (sygate manager?)
From: Blair Strang <Blair.Strang () CHELMER CO NZ>
Date: Tue, 30 Jan 2001 18:56:01 +1300
Here's a wild (but I think plausible) stab:

My guess is that it's the sygate manager (sygate is nat/connection sharing software) broadcasting on port 39213. Basically a proprietary discovery protocol used to find other machines running sygate.

Perhaps someone running sygate could confirm this? (I would suggest sniffing on the local network while sygate manager is running, looking for udp broadcasts...)

See: http://www.sygate.com/support/documents/fix.htm - they changed the manager port to 39213/UDP after build 521. Couldn't find any other useful docs on sygate.com however.

("Our documentation is full of nutritious marketspeak! Yet still has only 0.5 calories of actual information in each megabyte!")

Regards,
Blair.

P.S: If it is sygate, and it's sending these out the "internet" interface, it seems likely it's misconfigured.

--
[ Warning: a .sig virus was detected in this signature. It has been cleaned by memesweeper 3.0 ]
-----Original Message-----
From: claymore [mailto:claymore () ADELPHIA NET]
Sent: Saturday, January 27, 2001 7:20 AM
To: INCIDENTS () SECURITYFOCUS COM
Subject: Unknown Broadcast Traffic

I am trying to figure out what is causing the traffic shown below. I cannot find anything that would create it and have been receiving continued reports. Has anyone seen this?

Claymore the unprofound

FWIN 2001/01/22 18:14:46 -5:00 GMT 24.50.40.65:1027 24.255.255.255:39213 UDP
FWIN 2001/01/22 18:14:46 -5:00 GMT 24.50.40.65:1028 24.255.255.255:39213 UDP
FWIN 2001/01/22 18:14:48 -5:00 GMT 24.50.40.65:1029 24.255.255.255:39213 UDP
FWIN 2001/01/22 18:14:48 -5:00 GMT 24.50.40.65:1030 24.255.255.255:39213 UDP
FWIN 2001/01/22 18:14:48 -5:00 GMT 24.50.40.65:1031 24.255.255.255:39213 UDP
FWIN 2001/01/22 18:14:50 -5:00 GMT 24.50.40.65:1032 24.255.255.255:39213 UDP
FWIN 2001/01/22 18:14:50 -5:00 GMT 24.50.40.65:1033 24.255.255.255:39213 UDP
FWIN 2001/01/22 18:14:52 -5:00 GMT 24.50.40.65:1034 24.255.255.255:39213 UDP
-- The information contained in this e-mail and any attachments is confidential and is intended for the attention and use of the named addressee(s) only. Any views expressed in this message are those of the individual sender and may not necessarily reflect the views of Chelmer Limited.
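
Added example, not part of the original thread or written by either poster: a triage script for firewall log lines in the format quoted above, grouping UDP datagrams sent to a broadcast address by source and destination port. The names `summarize` and `is_classful_broadcast` are hypothetical, and because the log carries no netmask the broadcast test assumes classful network boundaries.

```python
import ipaddress
import re
from collections import defaultdict

# The first four lines are from the quoted post; the last line is constructed
# (documentation addresses) to show that ordinary unicast UDP is ignored.
SAMPLE_LOG = """\
FWIN 2001/01/22 18:14:46 -5:00 GMT 24.50.40.65:1027 24.255.255.255:39213 UDP
FWIN 2001/01/22 18:14:46 -5:00 GMT 24.50.40.65:1028 24.255.255.255:39213 UDP
FWIN 2001/01/22 18:14:48 -5:00 GMT 24.50.40.65:1029 24.255.255.255:39213 UDP
FWIN 2001/01/22 18:14:48 -5:00 GMT 24.50.40.65:1030 24.255.255.255:39213 UDP
FWIN 2001/01/22 18:15:01 -5:00 GMT 192.0.2.10:4000 198.51.100.7:53 UDP
"""

# Fields as they appear in the post: tag, date, time, offset, "GMT",
# source ip:port, destination ip:port, protocol.
LINE_RE = re.compile(
    r"^FWIN (\S+ \S+) \S+ GMT "
    r"(\d+\.\d+\.\d+\.\d+):(\d+) (\d+\.\d+\.\d+\.\d+):(\d+) (\w+)$"
)

def is_classful_broadcast(dst):
    """True if dst is the all-ones host address of its classful network.
    Assumption: the real netmask is not in the log, so class A/B/C is used."""
    first = int(dst.split(".")[0])
    prefix = 8 if first < 128 else 16 if first < 192 else 24
    net = ipaddress.ip_network(f"{dst}/{prefix}", strict=False)
    return ipaddress.ip_address(dst) == net.broadcast_address

def summarize(log_text):
    """Group UDP broadcast datagrams by (source, destination, dest port)."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines in any other format
        _when, src, sport, dst, dport, proto = m.groups()
        if proto == "UDP" and is_classful_broadcast(dst):
            groups[(src, dst, int(dport))].append(int(sport))
    report = []
    for (src, dst, dport), sports in groups.items():
        # Source ports rising by one per datagram are consistent with a single
        # program on one host opening a new socket for each send.
        seq = len(sports) > 1 and all(b - a == 1 for a, b in zip(sports, sports[1:]))
        report.append({"src": src, "dst": dst, "dport": dport,
                       "packets": len(sports), "sequential_sports": seq})
    return report

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```

A group with a fixed destination port and steadily incrementing source ports, as in the quoted log, points at one application on the source host rather than a scan across ports.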