IDS 4215 Picking up Net Sweep-echo

Discussion in 'Cisco' started by Chris, May 2, 2005.

  1. Chris

    Chris Guest

    I have a new Exchange 2003 server with Groupshield 6.0 and VirusScan
    8.0i running on it (up to date of course) and one of my 4215's is
    picking up traffic from it to each of my AD Domain Controllers and
    logging scores of intrusion alerts. I suspect that it is legitimate
    traffic as the server is fully patched and had never been on the
    network without a fully up to date antivirus running on it, and due to
    the fact that it's only sending the "suspect" packets to my domain;
    however, I can't find any information online to support this. Does
    anyone know of any legitimate traffic where source is port 8 on an
    Exchange server and the destination is port 0 on all Domain
    Controllers? Thanks...
     
    Chris, May 2, 2005
    #1

  2. Chris

    NETWORK_GURU Guest

    I too am seeing this same activity on my IDS 4230.
    Have you gotten any more info on whether this is malicious or not?

    Thanks much,
    Shawn
     
    NETWORK_GURU, May 4, 2005
    #2

  3. Chris

    NETWORK_GURU Guest

    Just an update.
    My events were being caused by LANDESK and its device monitoring
    utility.
    Thanks,
    Shawn
     
    NETWORK_GURU, May 5, 2005
    #3