
Re: [FW1] service 41508



Laurin,

From http://www.wittys.com/files/all-ip-numbers.txt (a port list I
maintain), 

symantec        41508/udp  Symantec Directed discovery broadcast

This is basically your Symantec anti-virus software doing directed IP
broadcasts (I can't remember offhand why it does that, but it has
something to do with looking for signature update servers).  It's
fairly harmless from a security standpoint, but if you want the traffic
to stop, I'd contact Symantec and ask them how to disable the directed
broadcast portion of their AV software.  Hope this helps!

Jason

http://www.wittys.com
http://www.securitystats.com

Laurin Buchanan wrote:
> 
> Greetings Firewallers:
> 
> Does anyone know what might legitimately use service 41508, or a
> vulnerability that is based on this service?  I've checked IANA list, this
> specific port is in the "unassigned" group.  All of a sudden my fw-1 logs
> are flooded with dropped entries to my DMZ broadcast address on this
> service:
> 
> Service | source | destination | protocol | rule | length
> 41508 | Firewall_External | X.X.X..255 | udp | cleanup | 216
> 
> Our FW-1 is 3.0b patch 3068 (yes, I know, upgrade is planned for first week
> in October) on NT4 SP4. We're using NAT and routing valid DMZ addresses to
> the firewall, which then forwards packets to the servers.
> 
> I don't like the fact that the destination is the firewall_external object, but
> I am unclear on what the difference is between that designation and the
> actual IP address of the external interface of the firewall, which I
> occasionally see in the logs.  I've taken a quick look at some of the
> standard online & offline references and I'm still unclear as to what this
> might all mean.  Any information you can provide would be greatly
> appreciated.
> 
> thanks in advance,
> 
> Laurin Buchanan, Manager, Internet Services / Webmaster
> National Music Publishers Association & The Harry Fox Agency, Inc.
> www.songfile.com | www.lyrics.ch | www.nmpa.org
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
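
One way to triage a flood like the one in the quoted log, as an added example that is not part of either post: it parses rows in the column order shown above, keeps drops whose destination is the directed-broadcast address of a known subnet, and counts them per service and source. The 192.0.2.0/24 network, the sample rows and the function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample rows in the column order shown in the post:
# Service | source | destination | protocol | rule | length
# 192.0.2.0/24 stands in for the redacted DMZ network (assumption).
SAMPLE_LOG = """\
Service | source | destination | protocol | rule | length
41508 | Firewall_External | 192.0.2.255 | udp | cleanup | 216
41508 | Firewall_External | 192.0.2.255 | udp | cleanup | 216
41508 | Firewall_External | 192.0.2.255 | udp | cleanup | 216
137 | 192.0.2.17 | 192.0.2.255 | udp | cleanup | 78
80 | 198.51.100.9 | 192.0.2.10 | tcp | cleanup | 60
"""

FIELDS = ("service", "source", "destination", "protocol", "rule", "length")


def parse_rows(text):
    """Yield one dict per well-formed row; skip headers and malformed lines."""
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != len(FIELDS) or not parts[0].isdigit():
            continue
        yield dict(zip(FIELDS, parts))


def is_directed_broadcast(dest, networks):
    """True if dest is the broadcast address of one of the given subnets."""
    try:
        addr = ipaddress.ip_address(dest)
    except ValueError:  # redacted address or an object name, not an IP
        return False
    return any(addr == net.broadcast_address for net in networks)


def summarize_broadcast_drops(text, subnets, rule="cleanup"):
    """Count drops to directed-broadcast addresses per (service, proto, source)."""
    networks = [ipaddress.ip_network(s) for s in subnets]
    counts = Counter()
    for row in parse_rows(text):
        if row["rule"] == rule and is_directed_broadcast(row["destination"], networks):
            counts[(int(row["service"]), row["protocol"], row["source"])] += 1
    return counts.most_common()


if __name__ == "__main__":
    for (service, proto, source), n in summarize_broadcast_drops(SAMPLE_LOG, ["192.0.2.0/24"]):
        print(f"{n:5d}  {service}/{proto}  from {source}")
```

A single service and source dominating the counts points to one host or product broadcasting repeatedly, which is the pattern the reply describes.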

