Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

[Fwd: strange packets]

From: "Jason R. Seats" <Jason.Seats () TechGuardSecurity com>
Date: Mon, 25 Jun 2001 16:24:33 -0500

-- 
Jason Seats
Information Security Software Engineer
TechGuard Security
jason.seats () techguardsecurity com
www.techguardsecurity.com
636-519-4848
--- Begin Message --- From: "Jason R. Seats" <Jason.Seats () TechGuardSecurity com>
Date: Mon, 25 Jun 2001 16:07:51 -0500
max wrote:


224.0.0.0-239.255.255.255 are multicast addresses. That machine is
probably somehow misconfigured and is trying to talk to a multicast group,
to be more precise, is trying to join a multicast group. Might be a
software issue, if that machine is running something like cuseeme (or any
other real time conferencing software) software, that could explain it.


It is happening from every machine on the local subnet, with some
occasional traffic to other mcast ip's like:

SVRLOC.MCAST.NET.427
SVRLOC-DA.MCAST.NET.427
MICROSOFT-DS.MCAST.NET.42

also,
IGMP to 224.0.0.2

I'm not sure what is going on here.

-- 
Jason Seats
Information Security Software Engineer
TechGuard Security
jason.seats () techguardsecurity com
www.techguardsecurity.com
636-519-4848

--- End Message ---

----------------------------------------------------------------------------


This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see:

http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: