[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] service 41508
Laurin, >From http://www.wittys.com/files/all-ip-numbers.txt (a port list I maintain), symantec 41508/udp Symantec Directed discovery broadcast This is basically your symantec anti-virus software doing directed IP broadcasts (I can't remmber off hand why it does that, but it has something to do with looking for signature update servers.). It's fairly harmless from a security standpoint, but if you want the traffic to stop, I'd contact Symantec and ask them how to disable the directed broadcast portion of their AV software. Hope this helps! Jason http://www.wittys.com http://www.securitystats.com Laurin Buchanan wrote: > > Greetings Firewallers: > > Does anyone know what might legitimately use service 41508, or a > vulnerability that is based on this service? I've checked IANA list, this > specific port is in the "unassigned" group. All of a sudden my fw-1 logs > are flooded with dropped entries to my DMZ broadcast address on this > service: > > Service | source | destination | protocol | rule | length > 41508 | Firewall_External | X.X.X..255 | udp | cleanup | 216 > > Our FW-1 is 3.0b patch 3068 (yes, I know, upgrade is planned for first week > in October) on NT4 SP4. We're using NAT and routing valid DMZ addresses to > the firewall, which then forwards packets to the servers. > > I don't like fact that the destination is the firewall_external object, but > I am unclear on what the difference is between that designation and the > actual IP address of the external interface of the firewall, which I > occassionally see in the logs. Ive taken a quick look at some of the > standard online & offline references and I'm still unclear as to what this > might all mean. Any information you can provide would be greatly > appreciated. > > thanks in advance, > > Laurin Buchanan, Manager, Internet Services / Webmaster > National Music Publishers Association & The Harry Fox Agency, Inc. > www.songfile.com | www.lyrics.ch | www.nmpa.org > > ================================================================================ > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================================================ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|