[OPLINTECH] Port Scans from Domain Controllers

Chad Salamon csalamon@oplin.org
Thu, 21 Apr 2005 10:25:07 -0400


I have Sygate firewall installed on my machine and I noticed this
morning that I was being port scanned from both domain controllers
(Windows 2000) on our network. Both domain controllers initiated a port
scan almost simultaneously. They scanned UDP ports 1179, 1191, 1201,
and 1215. I've never seen traffic like this coming from the domain
controllers. Does this sound like something innocent -- or do we have a
problem? I will continue researching this, but any ideas or suggestions
would be greatly appreciated.
-- 
Chad Salamon
Library Systems Administrator
Stow-Monroe Falls Public Library
330-688-3295
csalamon@oplin.org
