strange UDP packets being sent out to internet

vernono2000 · Aug 7, 2003

I have noticed this behaviour in the firewall logs.The machine is a windows 2000 professional behind a firewall.
Very regularly, it sends out a UDP packet to an external address on the internet like this --> internalIP

ort1027 destination externalIP

ort 161; the packets are always the same size.I understand SNMP uses this port , but after looking up the external IP in whois, I see no reason at all that the win2k machine should be doing this. In the meantime, I have scanned this machine for trojan programs, which turned up negative.Also, I have blocked these packets at the firewall so they are being dropped and I do not notice any other suspicious traffic to or from this machine to the internet .

bbandolero · Aug 7, 2003

The behavior you see is as if an SNMP agent is sending a trap to a SNMP console.

If connection always starts from 1027/UDP (a registered port 1024-65535), probably there is an application installed there.

After checking port numbers in IANA

http://www.iana.org/assignments/port-numbers

You can check that port 1027/UDP is associated to the File Sharing Application EXOSEE.

http://chagdali.free.fr/exosee/

Try Fport to see which application is associated to each port (

http://www.foundstone.com)

I hope this help.

bbandolero

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

strange UDP packets being sent out to internet

vernono2000

MIS

bbandolero

IS-IT--Management

Similar threads

Part and Inventory Search

Sponsor