Firewall Wizards mailing list archives

Re: Port 2301; Address 129.70.136.250


From: "Bill Pennington" <bpennington () lucidnetworks com>
Date: Fri, 7 May 1999 21:59:57 -0700

Port 2301 is used for the Compaq Insight Management Web Agents. Most likely
installed if you used the included Smart Start CD. It broadcasts so that
other Compaq servers know that it is web enabled. Go to this URL:
http://yourserver:2301. It will give you all sorts of management info: drive
space, CPU utilization, etc. If this server is on the Internet I would
recommend disabling the Compaq Web Agents. You do this by disabling the
service in Control Panel.

As for the other issue I have no clue. Doesn't look good though.

Bill Pennington
Consultant
Lucid Networks


-----Original Message-----
From: Ferguson, Linwood <Ferguson () CHASLEVY com>
To: 'firewall-wizards () nfr net' <firewall-wizards () nfr net>
Date: Friday, May 07, 1999 5:54 PM
Subject: Port 2301; Address 129.70.136.250


I recently installed Gauntlet NT 5 upgrading from NT 2.1.  It has a lot
more logging of unexpected data on both internal and external ports.

I've got two different systems sending two different types of messages I
can't understand, and wonder if anyone knows what they are.

The first is an NT system running Peoplesoft and Oracle.  About every 2
minutes it goes through a series where it first sends an ICMP packet to
address 129.70.136.250, then sends netbios name requests to the same
address.  That address is frigo.TechFak.Uni-Bielefeld.DE.  No one here
recognizes that address.  The system is a server and has no interactive
use.  I searched the registry and all obvious places for any references
to either this name or address - nothing.  The address is at a German
university, that's all I can tell.

Anyone recognize this?  My obvious concern is that we have something on
that system trying to reach the home system of someone.

The other system is an NT server as well, freshly installed with SQL
Server.  It's a Compaq server.  Every few minutes it does a broadcast to
255.255.255.255 UDP on port 2301.  I saw one note (ironically but
unrelatedly in German) that had the word "Insight" in it.  This system
is running the Compaq insight agents, but I see nothing in there that
sets this up.  We have another dozen Compaq servers around here also
running the Compaq agents that are not doing this.  I do not know it is
Insight, but am curious what it is.

Ring any bells?

Thanks in advance,

Linwood Ferguson
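
Added example, not part of either message above: one way to pull the two patterns described in the thread (traffic repeating every couple of minutes to one address, and a recurring broadcast on port 2301) out of firewall logs by checking how evenly spaced each flow is. The log format, the internal source addresses, the timestamps and the use of UDP 137 for the NetBIOS name requests are assumptions made for the sample; this is not Gauntlet's real log format.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed records in a made-up key=value format (not Gauntlet's real log format).
SAMPLE_LOG = """\
1999-05-07 17:00:00 src=10.1.1.20 dst=129.70.136.250 proto=icmp dport=0
1999-05-07 17:00:01 src=10.1.1.20 dst=129.70.136.250 proto=udp dport=137
1999-05-07 17:00:05 src=10.1.1.40 dst=192.0.2.10 proto=tcp dport=80
1999-05-07 17:00:50 src=10.1.1.40 dst=192.0.2.10 proto=tcp dport=80
1999-05-07 17:01:00 src=10.1.1.30 dst=255.255.255.255 proto=udp dport=2301
1999-05-07 17:02:00 src=10.1.1.20 dst=129.70.136.250 proto=icmp dport=0
1999-05-07 17:02:01 src=10.1.1.20 dst=129.70.136.250 proto=udp dport=137
1999-05-07 17:04:00 src=10.1.1.30 dst=255.255.255.255 proto=udp dport=2301
1999-05-07 17:04:01 src=10.1.1.20 dst=129.70.136.250 proto=icmp dport=0
1999-05-07 17:04:02 src=10.1.1.20 dst=129.70.136.250 proto=udp dport=137
1999-05-07 17:07:00 src=10.1.1.30 dst=255.255.255.255 proto=udp dport=2301
1999-05-07 17:09:30 src=10.1.1.40 dst=192.0.2.10 proto=tcp dport=80
"""
LINE = re.compile(r"(\S+ \S+) src=(\S+) dst=(\S+) proto=(\S+) dport=(\d+)")

def periodic_flows(log, min_events=3, jitter=5.0):
    """Map (src, dst, proto, dport) -> median gap in seconds for evenly spaced flows."""
    times = defaultdict(list)
    for m in map(LINE.match, log.splitlines()):
        if m:  # skip lines that do not parse
            ts = datetime.strptime(m[1], "%Y-%m-%d %H:%M:%S")
            times[(m[2], m[3], m[4], int(m[5]))].append(ts)
    found = {}
    for flow, stamps in times.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if len(gaps) >= max(min_events - 1, 1):
            mid = median(gaps)
            if all(abs(g - mid) <= jitter for g in gaps):  # every gap near the median
                found[flow] = mid
    return found

def label(flow):
    """Annotate a flow using only what the thread says about it."""
    _, dst, proto, dport = flow
    if (dst, proto, dport) == ("255.255.255.255", "udp", 2301):
        return "broadcast on 2301: Compaq Insight web agents, per the reply"
    return "periodic traffic to one address: unexplained in the thread, check the host"

if __name__ == "__main__":
    for flow, gap in sorted(periodic_flows(SAMPLE_LOG).items()):
        print(flow, f"every ~{gap:.0f}s:", label(flow))
```
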



