After installing a desktop firewall package we noticed some "random" UDP traffic that appears to be originating from our Exchange servers (Exchange 2000 on W2K server). This traffic is coming from random high ports (for example 35157 and 42494) and is being directed at ports 1140 and 1158 on the client machines.

Normally we would just consider this to be typical Exchange new mail notification traffic on port 1024 and above, however we're only seeing this traffic being directed at a small number workstations using the desktop firewall.

Anyone have any thoughts as to what this might be? I’ve been searching Google for answers the last day and a half with no luck.

I’m waiting on authorization to sniff the traffic so we can see exactly what is in the packets, but in the mean time I’m trying to get any other suggestions we can get.