Solved

Strange Syslog Traffic - Norton Antivirus - NAT

Posted on 2006-06-23
5
253 Views
Last Modified: 2013-12-04
I have traffic from the Norton Antivirus (NA) port.  NA seems to be systematically cycling through IP addresses within a certain range.  The station is a workstation and not a server.  This was all in one subnet (sortof).  The subnet was much smaller than the range of IP addresses.  The next thing I saw was NAT translation Denies to traffic that should be local.  It sounds like a virus or a scan.  Any suggestions?  This is really bizarre. The only thing they did on that box is switch DNS servers just before that.  Any explinations?  It is in an AD domain.
0
Comment
Question by:awakenings
  • 3
  • 2
5 Comments
 

Author Comment

by:awakenings
ID: 16972373
Okay...  Something else they neglected to tell me.  It was a NA server.  Why would it scan random IPs?
0
 

Author Comment

by:awakenings
ID: 16972379
well sequentially ordered IP's?
0
 
LVL 32

Accepted Solution

by:
r-k earned 500 total points
ID: 16973681
Are these IP's in your subnet?

If not, maybe they belong to Symantec (you can check at http://www.arin.net/) and the program may be trying to contact a server for updates.

0
 

Author Comment

by:awakenings
ID: 16973687
Hey r-k...  I forgot I solved it.  I'll give you points for trying, but it is the AV server sending out network queries to IPs in our own subnet.  It worried me as it looked like it may have been a scan or virus as some operate in those ways.
0
 
LVL 32

Expert Comment

by:r-k
ID: 16973733
Thanks for the points and the update :)
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question