IDS 4215 Picking up Net Sweep-echo

I have a new Exchange 2003 server with Groupshield 6.0 and VirusScan 8.0i running on it (up to date of course) and one of my 4215's is picking up traffic from it to each of my AD Domain Controllers and logging scores of intrusion alerts. I suspect that it is legitimate traffic as the server is fully patched and had never been on the network without a fully up to date antivirus running on it, and due to the fact that it's only sending the "suspect" packets to my domain; however, I can't find any information online to support this. Does anyone know of any legitimate traffic where source is port 8 on an Exchange server and the destination is port 0 on all Domain Controllers? Thanks...
Reply to
Chris

I too am seeing this same activity on my IDS 4230.

Have you gotten any more info on whether this is malicious or not?

Thanks much, Shawn

Reply to
NETWORK_GURU

Just an update. My events were being caused by LANDESK and its device monitoring utility. Thanks, Shawn

Reply to
NETWORK_GURU

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.