Security Incidents mailing list archives
RE: Odd traffic generated from Exchange Server - Resolved
From: "Caruso, Anthony J." <acaruso () fna com>
Date: Fri, 26 Oct 2001 16:57:59 -0500
All: Thanks to Gary & Ryan. Turns out a machine that dials up to our network has his NIC set to 192.50.50.51 (I have sent him a copy of RFC 1918!). When the Outlook client tells Exchange his address, apparently all addresses are included and Exchange doesn't bother checking the source address (turn this over to vul-dev :-)). So, that is why the Exchange server sends the UDP packets to the bizarre address. Many thanks to the Ethereal team too! If anyone wants to see the traffic sample, let me know. -Tony ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- RE: Odd traffic generated from Exchange Server - Resolved Caruso, Anthony J. (Oct 27)