Security Incidents mailing list archives

Re: Strange UDP Activity


From: Valdis.Kletnieks () vt edu
Date: Tue, 16 Apr 2002 15:03:29 -0400

On Tue, 16 Apr 2002 13:09:30 EDT, Rajiv Dighe <rdighe () SANDVINE com>  said:
> Port 1067 is also used by Installation Bootstrap Protocol Server. Apparently
> on default win2k server install this port is utilized. Details are available
> at http://support.microsoft.com/default.aspx?scid=kb;EN-US;q289241
>
> This could be an attempt to map out hosts running win2k servers in default
> install. This is apparently also used by HP boxes. i.e. you can set up one

Wasn't there an issue where Windows Active Directory would try to find a likely
DNS server to register itself in, and if it failed, it would go harass a root
server and try to register itself there?  This would explain traffic coming
back from root servers back to the bootstrap server....
-- 
                                Valdis Kletnieks
                                Computer Systems Senior Engineer
                                Virginia Tech

