General discussion

Locked

NGS Sniff

By dnvrtechgrrl ·
NGS Sniff is showing that an outside IP (255.255.255.255) is pinging UDP 47474.

Anyone know of any legitimate reason to be knocking on a door that far up the number chain?

This conversation is currently closed to new comments.

4 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Sounds erronous

by jmgarvin In reply to NGS Sniff

I would bet it is a routing issue if you are using Cisco stuff. I would assume some routing table configuration error.

255.255.255.255 is a Class C that can't come from the outside...check your router.

Collapse -

That's what I thought.

by dnvrtechgrrl In reply to Sounds erronous

I'm wondering more if it isn't my reporting utilty though. I have a few showing up that should be the inside IP's contacting the outside but it's reversed in the reporting screen.

I'll give Snort a shot and see if it's not corrected there.

Thanks!

Collapse -

DOS Spoof

by djameson In reply to NGS Sniff

My Netscreen got DOSed about 2 weeks ago, I was a couple versions behind due to some client issues. My packet sniffer showed a simular pattern, the source address was spoofed.

Collapse -

esker software

by brian.peck In reply to NGS Sniff

Are you running any software from www.esker.com? I found this same port and it was tied to eslcbcst.exe running in task manager. We are running smarterm from these folks. Trying to find support number to call them and ask why,

Back to Security Forum
4 total posts (Page 1 of 1)  

Security Forums