Advertisement

04.30.2007 at 07:35AM PDT, ID: 22542595
[x]
Attachment Details
[x]
The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

  • The Grade of the Solution
  • The Zone Rank of the Expert Providing the Solution
  • The Number of Author and Expert Comments
  • The Number of Experts Contributing
  • The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!
7.2

Strange traffic found in log destination broadcast udp port 5555?

Asked by pixel3000 in Intrusion Detection Systems (IDS), Network Software Firewalls, Network Security

Tags: , , ,

In syslogs on a remote router on a network I noticed some strange traffic in the log
:
protocol, id, time, state, source, destination, source port, destination port:

udp 17 11   192.168.30.4 255.255.255.255 32769 5555   [UNREPLIED] 255.255.255.255 192.168.3.2 5555 32769 use=1 **questionable traffic**
udp 17 28   192.168.30.5 255.255.255.255 32769 5555   [UNREPLIED] 255.255.255.255 192.168.3.3 5555 32769 use=1 **questionable traffic**
udp 17 15   192.168.30.6 255.255.255.255 32769 5555   [UNREPLIED] 255.255.255.255 192.168.3.4 5555 32769 use=1 **questionable traffic**
udp 17 29   192.168.30.7 255.255.255.255 32769 5555   [UNREPLIED] 255.255.255.255 192.168.3.5 5555 32769 use=1 **questionable traffic**
tcp 6 431999 ESTABLISHED  10.0.25.116 209.144.144.50 1131 443 **valid ssl traffic from subscriber**

The strange thing about it is that the state is empty (blank) vs having Established, listening, etc listed. Also the IP addresses (192.168.x.x) are on a subnet NOT used on the lan side of the controller and would be unknown devices. Also the destination IP is a broadcast 255.255.255.255 address. The router is a Valuepoint WC3000 controller (v10007 fw 01.00.66c bootrom 1.01) which is basically a gateway router with build in wireless. Any ideas what this traffic could be, sending udp to a broadcast ip over port 5555? Unfortunately there is no arp entry for these IP addresses since they are not users authenticated or on dhcp.
Thanks in advance!
Start Free Trial
[+][-]04.30.2007 at 11:33AM PDT, ID: 19003485

View this solution now by starting your 7-day free trial. Setting up your free trial is quick, easy, and secure. We will return you to this solution, unlocked, when you're done.

 

About this solution

Zones: Intrusion Detection Systems (IDS), Network Software Firewalls, Network Security
Tags: port, 5555, udp, broadcast
Sign Up Now!
Solution Provided By: infotactix
Participating Experts: 2
Solution Grade: B
 
 
[+][-]04.30.2007 at 11:39AM PDT, ID: 19003532

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]04.30.2007 at 01:52PM PDT, ID: 19004583

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]04.30.2007 at 01:53PM PDT, ID: 19004589

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]04.30.2007 at 01:55PM PDT, ID: 19004600

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]04.30.2007 at 02:00PM PDT, ID: 19004645

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
 
Loading Advertisement...
20080716-EE-VQP-32