Outbound traffic on unknown ports to private IP addresses
Posted on 2003-11-17
I am noticing some strange activity on my firewall. There is outbound UDP traffic from two servers (both running Win2K Server & 1 running SQL 2000 & the other Exchange 2000). It is outbound from these servers to private addresses that so not exist on my internal network. The destination IP's are 192.168.32.1 and 192.168.100.1 The ports being used are mainly 1055, 1057 & 1058 but I have noticed 1518, 1520 & 1521 as well. Has anyone seen this before? I've checked virus/event and IIS logs and don't see anything unusual and everything is operating normally. Any suggestions as to what might be causing this would be appreciated.