PaulDotCom mailing list archives

Re: Strange Traffic

From: "Josh Little" <josh () zombietango com>
Date: Wed, 25 Aug 2010 16:48:39 -0400

Or it's their new voice chat stuff. 

 

http://lifehacker.com/5621842/gmail-integrates-with-google-voice-for-free-ca
lls-from-your-inbox

 

ZT

 

From: pauldotcom-bounces () mail pauldotcom com
[mailto:pauldotcom-bounces () mail pauldotcom com] On Behalf Of Craig Freyman
Sent: Wednesday, August 25, 2010 3:53 PM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] Strange Traffic

 

Its happens when someone has a gmail account open. It must be the chat
feature? 

On Wed, Aug 25, 2010 at 1:33 PM, Craig Freyman <craigfreyman () gmail com>
wrote:

I think it might be Bonjour?

 

 [mDNSResponder.exe]  UDP    [::]:500               *:*
1044

 

 

 

On Wed, Aug 25, 2010 at 1:27 PM, Craig Freyman <craigfreyman () gmail com>
wrote:

A lot. Is there a utility like process explorer that can tell me the
subprocesses of svchost and the port they're using?

 

On Wed, Aug 25, 2010 at 12:09 PM, Bugbear <gbugbear () gmail com> wrote:

Also what is running under SVCHOST?


On Wed, Aug 25, 2010 at 2:05 PM, Vincent Lape <vlape () me com> wrote:

Can you give a tcpdump of the traffic?



On Aug 25, 2010, at 10:54 AM, Craig Freyman <craigfreyman () gmail com>

wrote:


I'm trying to understand why a number of client computers are sending UDP
500 traffic to strange places. For example, from one machine it is sending
traffic to 209.85.225.166 which is owned by Google. Netstat tells me that
the traffic is originating from SVCHOST.
I thought UDP 500 was used for IKE but is it also used for some sort of

keep

alive? I'm confused!
Thanks,
C


_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Current thread:

Strange Traffic Craig Freyman (Aug 25)
- Re: Strange Traffic Vincent Lape (Aug 25)
  - Re: Strange Traffic Bugbear (Aug 25)
    - Re: Strange Traffic Craig Freyman (Aug 25)
    - Re: Strange Traffic Craig Freyman (Aug 25)
    - Re: Strange Traffic Josh Little (Aug 25)
    - Re: Strange Traffic Craig Freyman (Aug 25)
    - Re: Strange Traffic Josh Little (Aug 25)
    - Re: Strange Traffic Bugbear (Aug 25)
    - Re: Strange Traffic Bacon Zombie (Aug 25)
    - Re: Strange Traffic Craig Freyman (Aug 25)
    - Re: Strange Traffic Michael Miller (Aug 25)
    - Re: Strange Traffic Craig Freyman (Aug 26)