Solved

Strange Syslog Traffic - Norton Antivirus - NAT

Posted on 2006-06-23
Last Modified: 2013-12-04
I have traffic from the Norton Antivirus (NA) port.  NA seems to be systematically cycling through IP addresses within a certain range.  The station is a workstation and not a server.  This was all in one subnet (sort of).  The subnet was much smaller than the range of IP addresses.  The next thing I saw was NAT translation Denies to traffic that should be local.  It sounds like a virus or a scan.  Any suggestions?  This is really bizarre. The only thing they did on that box is switch DNS servers just before that.  Any explanations?  It is in an AD domain.
Question by:awakenings

Author Comment

by:awakenings
ID: 16972373
Okay...  Something else they neglected to tell me.  It was a NA server.  Why would it scan random IPs?

Author Comment

by:awakenings
ID: 16972379
Well, sequentially ordered IPs?

Accepted Solution

by:
r-k earned 500 total points
ID: 16973681
Are these IPs in your subnet?

If not, maybe they belong to Symantec (you can check at http://www.arin.net/) and the program may be trying to contact a server for updates.


Author Comment

by:awakenings
ID: 16973687
Hey r-k...  I forgot I solved it.  I'll give you points for trying, but it is the AV server sending out network queries to IPs in our own subnet.  It worried me as it looked like it may have been a scan or virus as some operate in those ways.

Expert Comment

by:r-k
ID: 16973733
Thanks for the points and the update :)
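
The pattern discussed in this thread (one source, one port, sequentially ordered destinations, some of them outside the local subnet and denied at NAT) can be pulled out of firewall syslog with a short script. This is an added example, not part of the thread; the log line format, host names, addresses and port 40000 are constructed placeholders.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed log format for this example: "<timestamp> <host> ALLOW|DENY src= dst= dport="
LINE_RE = re.compile(r"(?P<action>ALLOW|DENY) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<port>\d+)")

def longest_run(addrs):
    """Length of the longest run of numerically consecutive addresses."""
    nums = sorted({int(a) for a in addrs})
    best = run = 1 if nums else 0
    for prev, cur in zip(nums, nums[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best

def summarize(lines, local_net, min_run=8):
    """Report (src, port) pairs whose destinations form a sequential sweep."""
    net = ipaddress.ip_network(local_net)
    seen = defaultdict(lambda: {"dsts": set(), "denied": set()})
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # ignore lines that are not in the assumed format
        dst = ipaddress.ip_address(m["dst"])
        entry = seen[(m["src"], int(m["port"]))]
        entry["dsts"].add(dst)
        if m["action"] == "DENY":
            entry["denied"].add(dst)
    report = {}
    for key, e in seen.items():
        run = longest_run(e["dsts"])
        if run >= min_run:
            outside = {d for d in e["dsts"] if d not in net}
            report[key] = {"run": run, "outside_local": len(outside),
                           "denied_outside": len(e["denied"] & outside)}
    return report

def sample_lines():
    """Constructed data: 10.1.1.20 walks 12 addresses across the /24 boundary."""
    net, start = ipaddress.ip_network("10.1.1.0/24"), int(ipaddress.ip_address("10.1.1.250"))
    lines = ["Jun 23 10:01:00 fw1 ALLOW src=10.1.1.30 dst=10.1.1.5 dport=53"]
    for i in range(12):
        dst = ipaddress.ip_address(start + i)
        action = "ALLOW" if dst in net else "DENY"
        lines.append(f"Jun 23 10:00:{i:02d} fw1 {action} src=10.1.1.20 dst={dst} dport=40000")
    return lines

if __name__ == "__main__":
    print(summarize(sample_lines(), "10.1.1.0/24"))
```

A reported source still has to be identified by hand: in this thread it turned out to be the AV server querying its own subnet, while the same sweep from an unexplained workstation is what a scan or worm would look like.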