Firewall Wizards mailing list archives
Re: Port 2301; Address 129.70.136.250
From: "Bill Pennington" <bpennington () lucidnetworks com>
Date: Fri, 7 May 1999 21:59:57 -0700
Port 2301 is used for the Compaq Insight Management Web Agents. Most likely installed if you used the included Smart Start CD. It broadcast so that other Compaq servers know that it is web enabled. Go to this URL http://yourserver:2301 It will give you all sorts of management info. drive space CPU utilization etc etc. If this server is on the Internet I would recommend disabling the Compaq Web Agents. You do this by disabling the service in control panel. As for the other issue I have no clue. Doesn't look good though. Bill Pennington Consultant Lucid Networks -----Original Message----- From: Ferguson, Linwood <Ferguson () CHASLEVY com> To: 'firewall-wizards () nfr net' <firewall-wizards () nfr net> Date: Friday, May 07, 1999 5:54 PM Subject: Port 2301; Address 129.70.136.250
I recently installed Gauntlet NT 5 upgrading from NT 2.1. It has a lot more logging of unexpected data on both internal and external ports. I've got two different systems sending two different types of messages I can't understand, and wonder if anyone knows what they are. The first is a NT system running Peoplesoft and Oracle. About every 2 minutes it goes through a series where it first sends an ICMP packet to address 129.70.136.250, then sends netbios name requests to the same address. That address is frigo.TechFak.Uni-Bielefeld.DE. No one here recognizes that address. The system is a server and has no interactive use. I searched the registry and all obvious places for any references to either this name and address - nothing. The address is at a German university, that's all I can tell. Anyone recognize this? My obvious concern is that we have something on that system trying to reach the home system of someone. The other system is a NT server as well freshly installed with SQL Server. It's a Compaq server. Every few minutes it does a broadcast to 255.255.255.255 UPD on port 2301. I saw one note (ironically but unrelatedly in German) that had the word "Insight" in it. This system is running the Compaq insight agents, but I see nothing in there that sets this up. We have another dozen Compaq servers around here also running the Compaq agents that are not doing this. I do not know it is Insight, but am curious what it is. Ring any bells? Thanks in advance, Linwood Ferguson
Current thread:
- Port 2301; Address 129.70.136.250 Ferguson, Linwood (May 07)
- <Possible follow-ups>
- Re: Port 2301; Address 129.70.136.250 Bill Pennington (May 08)