[OPLINTECH] Port Scans from Domain Controllers
Chad Salamon
chadsalamon at neo.rr.com
Thu Apr 21 13:55:30 EDT 2005
Some updates. One suspicious entry in the perimeter firewall --
Apr 21 10:52:32 156.63.130.100 66.213.124.203 UDP : 1105 ACCEPT
That IP is a State of Ohio IP, and I don't know what could possibly run
on udp 1105. I have no idea if this is related. Also, is there a reason
why I can't stop the Terminal Services service? All buttons were grayed
out on the service, and it was started. I was able to disable it, but
that won't actually take effect until after a restart. It just looked
suspicious.
Chad Salamon
Library Systems Administrator
Stow-Monroe Falls Public Library
330-688-3295
csalamon at oplin.org
Chad Salamon wrote:
> I have Sygate firewall installed on my machine and I noticed this
> morning that I was being port scanned from both domain controllers
> (windows 2000) on our network. Both domain controllers initiated a
> port scan almost simultaneously. They scanned UDP ports 1179, 1191,
> 1201, and 1215. I've never seen traffic like this coming from the
> domain controllers. Does this sound like something innocent -- or do
> we have a problem? I will continue researching this, but any ideas or
> suggestions would be greatly appreciated.
> --
> Chad Salamon
> Library Systems Administrator
> Stow-Monroe Falls Public Library
> 330-688-3295
> csalamon at oplin.org