Unidentified UDP traffic from Exchange servers after desktop firewall installed
After installing a desktop firewall package we noticed some "random" UDP traffic that appears to be originating from our Exchange servers (Exchange 2000 on W2K server). This traffic is coming from random high ports (for example 35157 and 42494) and is being directed at ports 1140 and 1158 on the client machines.
Normally we would just consider this to be typical Exchange new mail notification traffic on port 1024 and above, however we're only seeing this traffic being directed at a small number of workstations using the desktop firewall.
Anyone have any thoughts as to what this might be? I’ve been searching Google for answers the last day and a half with no luck.
I’m waiting on authorization to sniff the traffic so we can see exactly what is in the packets, but in the meantime I’m trying to get any other suggestions we can get.
Re: Unidentified UDP traffic from Exchange servers after desktop firewall installed
Quote:
Originally posted here by wild16976
After installing a desktop firewall package we noticed some "random" UDP traffic that appears to be originating from our Exchange servers (Exchange 2000 on W2K server). This traffic is coming from random high ports (for example 35157 and 42494) and is being directed at ports 1140 and 1158 on the client machines.
Normally we would just consider this to be typical Exchange new mail notification traffic on port 1024 and above, however we're only seeing this traffic being directed at a small number of workstations using the desktop firewall.
Anyone have any thoughts as to what this might be? I’ve been searching Google for answers the last day and a half with no luck.
I’m waiting on authorization to sniff the traffic so we can see exactly what is in the packets, but in the meantime I’m trying to get any other suggestions we can get.
What is the client version on the machines that have the "weird" traffic? You will definitely see different patterns of traffic with different versions of Outlook. Before Outlook 2000 you should see a lot of dsproxy traffic that you will only see on those clients.