Solved

Strange Syslog Traffic - Norton Antivirus - NAT

Posted on 2006-06-23
Last Modified: 2013-12-04
I have traffic from the Norton Antivirus (NA) port. NA seems to be systematically cycling through IP addresses within a certain range. The station is a workstation and not a server. This was all in one subnet (sort of). The subnet was much smaller than the range of IP addresses. The next thing I saw was NAT translation denies to traffic that should be local. It sounds like a virus or a scan. Any suggestions? This is really bizarre. The only thing they did on that box is switch DNS servers just before that. Any explanations? It is in an AD domain.
Question by:awakenings
 

Author Comment

by:awakenings
ID: 16972373
Okay... Something else they neglected to tell me. It was an NA server. Why would it scan random IPs?
 

Author Comment

by:awakenings
ID: 16972379
Well, sequentially ordered IPs?
 
LVL 32

Accepted Solution

by:
r-k earned 500 total points
ID: 16973681
Are these IPs in your subnet?

If not, maybe they belong to Symantec (you can check at http://www.arin.net/) and the program may be trying to contact a server for updates.

 

Author Comment

by:awakenings
ID: 16973687
Hey r-k... I forgot I solved it. I'll give you points for trying, but it is the AV server sending out network queries to IPs in our own subnet. It worried me as it looked like it may have been a scan or virus, as some operate in those ways.
 
LVL 32

Expert Comment

by:r-k
ID: 16973733
Thanks for the points and the update :)
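An added example, not part of the thread: one way to triage the pattern discussed above, by grouping firewall deny lines per source, measuring the longest run of consecutive destination addresses, and separating a known management server polling its own subnet from an unexplained sweep. The log format, the addresses, and the `known_mgmt` allowlist are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in a made-up key=value deny-log format (not a real product's).
BASE = ipaddress.ip_address("10.1.1.252")
SAMPLE_LOG = "\n".join(
    [f"Jun 23 10:00:{i:02d} fw DENY src=10.1.1.5 dst=10.1.1.{20 + i}" for i in range(7)]
    + [f"Jun 23 10:01:{i:02d} fw DENY src=10.1.1.77 dst={BASE + i}" for i in range(7)]
    + ["Jun 23 10:02:00 fw DENY src=10.1.1.9 dst=10.1.1.30",
       "Jun 23 10:02:05 fw DENY src=10.1.1.9 dst=10.1.1.40"]
)
LINE_RE = re.compile(r"DENY src=(\S+) dst=(\S+)")


def longest_run(addrs):
    """Length of the longest run of numerically consecutive addresses."""
    nums = sorted({int(a) for a in addrs})
    best = cur = 1 if nums else 0
    for prev, nxt in zip(nums, nums[1:]):
        cur = cur + 1 if nxt == prev + 1 else 1
        best = max(best, cur)
    return best


def triage(log_text, local_net, known_mgmt, min_run=5):
    """Return {source: (longest_run, verdict)} for every source seen in deny lines."""
    local = ipaddress.ip_network(local_net)
    dsts = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            dsts[m.group(1)].add(ipaddress.ip_address(m.group(2)))
    report = {}
    for src, targets in dsts.items():
        run = longest_run(targets)
        if run < min_run:
            verdict = "no sweep"
        elif src in known_mgmt and all(t in local for t in targets):
            # Allowlisted server touching only local clients: matches the thread's outcome.
            verdict = "expected: management server polling local clients"
        else:
            verdict = "investigate: unexplained sweep"
        report[src] = (run, verdict)
    return report


if __name__ == "__main__":
    for src, result in triage(SAMPLE_LOG, "10.1.1.0/24", {"10.1.1.5"}).items():
        print(src, result)
```

A sweep from an allowlisted server that reaches outside the local subnet still lands in the "investigate" bucket, since the allowlist only explains traffic to its own clients.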
