RE: Odd traffic generated from Exchange Server - Resolved

["Caruso, Anthony J." <acaruso () fna com>]

All:

Thanks to Gary & Ryan.  

Turns out a machine that dials up to our network has his NIC set to
192.50.50.51 (I have sent him a copy of RFC 1918!).  When the Outlook client
tells Exchange his address, apparently all addresses are included and
Exchange doesn't bother checking the source address (turn this over to
vul-dev :-)).

So, that is why the Exchange server sends the UDP packets to the bizarre
address.

Many thanks to the Ethereal team too!

If anyone wants to see the traffic sample, let me know.

-Tony



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com