|
-
March 28th, 2006, 12:04 AM
#1
Junior Member
Unidentified UDP traffic from Exchange servers after desktop firewall installed
After installing a desktop firewall package we noticed some "random" UDP traffic that appears to be originating from our Exchange servers (Exchange 2000 on W2K server). This traffic is coming from random high ports (for example 35157 and 42494) and is being directed at ports 1140 and 1158 on the client machines.
Normally we would just consider this to be typical Exchange new mail notification traffic on port 1024 and above, however we're only seeing this traffic being directed at a small number workstations using the desktop firewall.
Anyone have any thoughts as to what this might be? I’ve been searching Google for answers the last day and a half with no luck.
I’m waiting on authorization to sniff the traffic so we can see exactly what is in the packets, but in the mean time I’m trying to get any other suggestions we can get.
-
March 28th, 2006, 01:53 AM
#2
Re: Unidentified UDP traffic from Exchange servers after desktop firewall installed
Originally posted here by wild16976
After installing a desktop firewall package we noticed some "random" UDP traffic that appears to be originating from our Exchange servers (Exchange 2000 on W2K server). This traffic is coming from random high ports (for example 35157 and 42494) and is being directed at ports 1140 and 1158 on the client machines.
Normally we would just consider this to be typical Exchange new mail notification traffic on port 1024 and above, however we're only seeing this traffic being directed at a small number workstations using the desktop firewall.
Anyone have any thoughts as to what this might be? I’ve been searching Google for answers the last day and a half with no luck.
I’m waiting on authorization to sniff the traffic so we can see exactly what is in the packets, but in the mean time I’m trying to get any other suggestions we can get.
What is the client version on the machines that have the "weird" traffic? You will definitely see different patterns of traffic with different versions of outlook. Before outlook 2000 you should be a lot of dsproxy traffic that you will only see on those clients.
-
March 28th, 2006, 12:46 PM
#3
Here is a list of all the ports that exchange uses.
http://support.microsoft.com/default...;en-us;q278339
Perhaps you cut off communication with the firewalls and exchange is attempting to contact the hosts via alternate means? I've never seen exchange behave this way.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
April 19th, 2006, 05:34 PM
#4
Junior Member
Originally posted here by thehorse13
Here is a list of all the ports that exchange uses.
http://support.microsoft.com/default...;en-us;q278339
Perhaps you cut off communication with the firewalls and exchange is attempting to contact the hosts via alternate means? I've never seen exchange behave this way.
We couldn't get approval to sniff the network traffic to determine what exactly was going on (you have to love office politics) so we told them to adjust their software firewall to allow all traffic from the Exchange servers.
It's certainly not the solution we recommend, but unfortunately we have no administrative control over that agency's workstations.
Thanks for the suggestions anyway. 
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
