Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] UDP port 1101 and 1109?

To: "'[email protected]'" <[email protected]>, "'[email protected]'" <[email protected]>
Subject: [FW1] UDP port 1101 and 1109?
From: Ian Campbell <[email protected]>
Date: Thu, 7 Sep 2000 13:09:13 -0700
Sender: [email protected]

Hi Firewallers,

I had a little 'incident' last nite. Some AT&T Global dialup customer with
apparently nothing better to do but sit and monitor his Blackice (or
whatever) logs called, wrote, paged and spammed everyone here because he
claimed we were 'port-scanning' his machine. A portion of his logs that he
sent follows:

FWIN,2000/09/06,18:28:18 -8:00
GMT,208.x.x.x:44224,32.102.x.x:1101,UDP
FWIN,2000/09/06,18:28:18 -8:00
GMT,208.x.x.x:44227,32.102.x.x:1109,UDP
FWIN,2000/09/06,18:29:18 -8:00
GMT,208.x.x.x:44232,32.102.x.x:1101,UDP
FWIN,2000/09/06,18:29:18 -8:00
GMT,208.x.x.x:44235,32.102.x.x:1109,UDP
FWIN,2000/09/06,18:30:20 -8:00
GMT,208.x.x.x:44237,32.102.x.x:1101,UDP

It appears that our FW module (208.x.x.x) was repeatedly trying to connect
to his UDP port 1101 and 1109 for a period of about 18 minutes. My logs show
nothing for this period. Any of you bright sparks have a guess as to what
this might have been?

UDP 1101 is apparently pt2-discover (registered by siemens.de), but apart
from that I have no clue on this one. Any takers? Thanks,

Ian



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] Hybrid IKE Securemote problem
Next by Date: Re: [FW1] Nokia Routing guru question ????
Previous by thread: [FW1] Migrating From Token Ring To Ethernet
Next by thread: [FW1] Client Auth/Redirect on Fail
Index(es):
- Date
- Thread