Solved

Strange Syslog Traffic - Norton Antivirus - NAT

Posted on 2006-06-23
Last Modified: 2013-12-04
I have traffic from the Norton Antivirus (NA) port.  NA seems to be systematically cycling through IP addresses within a certain range.  The station is a workstation and not a server.  This was all in one subnet (sort of).  The subnet was much smaller than the range of IP addresses.  The next thing I saw was NAT translation Denies to traffic that should be local.  It sounds like a virus or a scan.  Any suggestions?  This is really bizarre. The only thing they did on that box is switch DNS servers just before that.  Any explanations?  It is in an AD domain.
Question by:awakenings

Author Comment

by:awakenings
ID: 16972373
Okay...  Something else they neglected to tell me.  It was a NA server.  Why would it scan random IPs?
0
 

Author Comment

by:awakenings
ID: 16972379
Well, sequentially ordered IPs?
0
 
LVL 32

Accepted Solution

by:
r-k earned 1500 total points
ID: 16973681
Are these IP's in your subnet?

If not, maybe they belong to Symantec (you can check at http://www.arin.net/) and the program may be trying to contact a server for updates.

0
 

Author Comment

by:awakenings
ID: 16973687
Hey r-k...  I forgot I solved it.  I'll give you points for trying, but it is the AV server sending out network queries to IPs in our own subnet.  It worried me as it looked like it may have been a scan or virus as some operate in those ways.
0
 
LVL 32

Expert Comment

by:r-k
ID: 16973733
Thanks for the points and the update :)
0
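
A triage sketch for the pattern discussed in this thread, added here as an example and not code from any poster: it groups log lines by source and destination port, flags a source that walks a long run of consecutive addresses, and counts how many targets fall outside the local subnet (the ones a NAT device would deny). The log format, addresses, port 9999 and the `min_run` threshold are all constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Hypothetical log format: "... src=<ip> dst=<ip> dport=<port>"
LINE_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+)")

def longest_run(addrs):
    """Length of the longest run of consecutive integer addresses."""
    best = run = 0
    prev = None
    for a in sorted(addrs):
        run = run + 1 if prev is not None and a == prev + 1 else 1
        best = max(best, run)
        prev = a
    return best

def find_sweeps(lines, local_net, min_run=16):
    """Report (source, port) pairs that touch >= min_run consecutive IPs."""
    net = ipaddress.ip_network(local_net)
    seen = defaultdict(set)  # (src, dport) -> set of destination IPs as ints
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            src, dst, port = m.groups()
            seen[(src, int(port))].add(int(ipaddress.ip_address(dst)))
    report = []
    for (src, port), dsts in sorted(seen.items()):
        run = longest_run(dsts)
        if run >= min_run:
            # Targets outside the local subnet are the ones that reach the
            # gateway and show up as NAT denies.
            outside = sum(1 for d in dsts if ipaddress.ip_address(d) not in net)
            report.append({"src": src, "dport": port, "targets": len(dsts),
                           "longest_run": run, "outside_local": outside})
    return report

# Constructed sample: one host walking 10.1.1.0 - 10.1.2.255 on one port,
# plus ordinary DNS traffic from another host that must not be flagged.
SAMPLE = [f"action=deny src=10.1.1.20 dst=10.1.{n // 256}.{n % 256} dport=9999"
          for n in range(256, 768)]
SAMPLE += ["action=allow src=10.1.1.31 dst=10.1.1.5 dport=53",
           "action=allow src=10.1.1.31 dst=10.1.1.9 dport=53"]

if __name__ == "__main__":
    for row in find_sweeps(SAMPLE, "10.1.1.0/24"):
        print(row)
```

A flagged source is a lead, not a verdict: as the thread concludes, a management server querying its own subnet produces the same sequential pattern, so the next step is to identify the process and role of the source host.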


Question has a verified solution.
