May 20th, 2004 01:10 PM
Scan Initiating from Port 42424
I have discovered traffic originating from a MS XP system, which is slowly conducting an UDP scan against my Active Directory Server. All of the traffic is inititated from port 42424. I had the user run a McAfee antivirus scan, with negative results returned to my consolidation server.
Now, I know that MS .NET service runs on port 42424, but I would not expect for the MS .NET service to initiate scans from this port, listening yes, scanning no.
Anyways, I have Googled and searched for the port number in Sophos and came up empty. My initial thought is a possible trojan on the XP system, but before I waste too much time on this I wanted to pool AO and see if anyone here has encountered or is encountering a similar situation where the traffic is legit.
Thanks in advance everyone.
The mentally handicaped are persecuted in this great country, and I say rightfully so! These people are NUTS!!!!