Security Incidents mailing list archives
Re: Port 38293
From: Brian Bothwell <brian () WISDOMTOOLS COM>
Date: Thu, 16 Nov 2000 18:59:42 -0000
I've recently seen a probe on port 38293 coming
from an Windows NT box . Since
this box has exhibited some suspicious behavior
in the past, I'd REALLY like to
know what 38293 is associated with. On the
well-know port list, it's unassigned
and it doesn't match up to any of the known
Trojans.
Bill... William Hayes, Computer Specialist,
Communications & Information Technology
Network Security Consultant, Information
Services Networking & Ops Center
University of Nebraska Lincoln, 201 Miller
Hall, Lincoln NE 68583-0713
E-mail: whayes1 () unl edu
I am seeing this as well, between out NT 4.0 server and a few Win2000 Professional workstations. A quick packet sniff shows the UDP traffic has strings refering to the name of our NT server, as well as "NAV" so I guessed this is Norton AntiVirus Corporate Edition. We have the NAV CE server running on our NT server. The following thread from SANS confirms this: http://www.sans.org/y2k/092300.htm
Current thread:
- Re: Port 38293 Brian Bothwell (Nov 18)