Security Incidents mailing list archives

Re: Unknown Broadcast Traffic (sygate manager?)


From: Blair Strang <Blair.Strang () CHELMER CO NZ>
Date: Tue, 30 Jan 2001 18:56:01 +1300

Here's a wild (but I think plausible) stab:

My guess is that it's the sygate manager (sygate is nat/connection
sharing software) broadcasting on port 39213. Basically a proprietary
discovery protocol used to find other machines running sygate.

Perhaps someone running sygate could confirm this? (I would suggest
sniffing on the local network while sygate manager is running, looking
for udp broadcasts...)

See: http://www.sygate.com/support/documents/fix.htm - they changed
the manager port to 39213/UDP after build 521.

Couldn't find any other useful docs on sygate.com however.
("Our documentation is full of nutritious marketspeak! Yet still has
only 0.5 calories of actual information in each megabyte!")

Regards,

    Blair.

P.S: If it is sygate, and it's sending these out the "internet"
interface, it seems likely it's misconfigured.

--
[ Warning: a .sig virus was detected in this signature. It has
  been cleaned by memesweeper 3.0 ]



-----Original Message-----
From: claymore [mailto:claymore () ADELPHIA NET]
Sent: Saturday, January 27, 2001 7:20 AM
To: INCIDENTS () SECURITYFOCUS COM
Subject: Unknown Broadcast Traffic


I am trying to figure out what is causing the traffic shown below. I cannot
find anything that would create it and have been receiving continued
reports. Has anyone seen this?

Claymore
the unprofound

FWIN  2001/01/22  18:14:46 -5:00 GMT  24.50.40.65:1027  24.255.255.255:39213  UDP
FWIN  2001/01/22  18:14:46 -5:00 GMT  24.50.40.65:1028  24.255.255.255:39213  UDP
FWIN  2001/01/22  18:14:48 -5:00 GMT  24.50.40.65:1029  24.255.255.255:39213  UDP
FWIN  2001/01/22  18:14:48 -5:00 GMT  24.50.40.65:1030  24.255.255.255:39213  UDP
FWIN  2001/01/22  18:14:48 -5:00 GMT  24.50.40.65:1031  24.255.255.255:39213  UDP
FWIN  2001/01/22  18:14:50 -5:00 GMT  24.50.40.65:1032  24.255.255.255:39213  UDP
FWIN  2001/01/22  18:14:50 -5:00 GMT  24.50.40.65:1033  24.255.255.255:39213  UDP
FWIN  2001/01/22  18:14:52 -5:00 GMT  24.50.40.65:1034  24.255.255.255:39213  UDP


--
The information contained in this e-mail and any attachments is confidential
and is intended for the attention and use of the named addressee(s) only.
Any views expressed in this message are those of the individual sender and
may not necessarily reflect the views of Chelmer Limited.
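
Added example (not part of either poster's message): a small Python summarizer for firewall entries in the layout quoted above, grouping UDP broadcast hits by source, destination and port so a repeating discovery-style sender stands out. The field layout is inferred from the quoted lines, and the broadcast test (final octet 255) and the sample data are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the layout quoted in the post, including the
# mail-client line wrapping; the last entry is an unrelated unicast flow.
SAMPLE = """\
FWIN  2001/01/22  18:14:46 -5:00 GMT  24.50.40.65:1027
24.255.255.255:39213
UDP
FWIN  2001/01/22  18:14:46 -5:00 GMT  24.50.40.65:1028
24.255.255.255:39213
UDP
FWIN  2001/01/22  18:14:48 -5:00 GMT  24.50.40.65:1029
24.255.255.255:39213
UDP
FWIN  2001/01/22  18:14:50 -5:00 GMT  10.0.0.5:4000
10.0.0.9:53
UDP
"""

# \s+ between fields also spans newlines, so wrapped entries still parse.
ENTRY = re.compile(
    r"FWIN\s+(\d{4}/\d{2}/\d{2})\s+(\d{2}:\d{2}:\d{2})\s+\S+\s+GMT\s+"
    r"(\d+(?:\.\d+){3}):(\d+)\s+(\d+(?:\.\d+){3}):(\d+)\s+(\w+)")

def looks_like_broadcast(ip):
    # Assumption: the netmask is unknown, so a final octet of 255 is
    # treated as a broadcast destination.
    return ip.endswith(".255")

def summarize(text):
    """Group UDP broadcast entries by (source, destination, dest port)."""
    groups = defaultdict(list)
    for date, time, src, sport, dst, dport, proto in ENTRY.findall(text):
        if proto == "UDP" and looks_like_broadcast(dst):
            groups[(src, dst, int(dport))].append((f"{date} {time}", int(sport)))
    report = []
    for (src, dst, dport), hits in sorted(groups.items()):
        ports = [p for _, p in hits]
        report.append({
            "src": src, "dst": dst, "dport": dport, "count": len(hits),
            "first": hits[0][0], "last": hits[-1][0],
            "sport_range": (min(ports), max(ports)),
            # True when every datagram came from the next source port up.
            "sequential_sports": all(b - a == 1 for a, b in zip(ports, ports[1:])),
        })
    return report

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```
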

