Thanks guys.  I'll twiddle with the registry settings and see if I can squash it.
And yes, I'm embarrassed that I messed up the search - it seemed folly searching for
an IP address, but I guess not :)

Cheers
Geoff

-----Original Message-----
From: Buddy Venne [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 21, 2000 11:55 PM
To: 'Claussen, Ken'; [EMAIL PROTECTED]; 'List: Firewall'
Subject: RE: Log entry: WINS.EXE -> external machine




I just did a Google search on
"224.0.1.24" port 42
and got lots of indications that "searching for auto-replication partners"
is what you are seeing.

One of those matches may be a possible fix for you:
http://www.hum.auc.dk/~magnus/MHonArc/NTSEC/msg04943.html

but it's a registry edit, so standard disclaimers apply.

In any case it (42) sounds like something I should block before the
perimeter. Anyone else care to comment?

Buddy Venne
WAN/LAN Specialist
Onyx Acceptance
(949) 465-3775


-----Original Message-----
From: Claussen, Ken [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 21, 2000 7:48 PM
To: 'Geoff Bonallack'; 'List: Firewall'
Subject: RE: Log entry: WINS.EXE -> external machine


http://www2.dgsys.com/~lkh/imulttca.html once again prevails in under
2.5 seconds, the seventh choice on the first search. It is a Multicast
address for a Microsoft-ds name server. It is a Multicast Address, but I am
not sure how or if it is used. It is assigned in RFC 1700 Port 445 TCP/UDP;
it is strange that your logs show port 42. I have seen this on several
servers also, but not all. Does anyone else know more? [EMAIL PROTECTED] was
found in reference to this item on another page; perhaps he has the
answers.
Ken

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Geoff Bonallack
Sent: Thursday, December 21, 2000 3:57 PM
To: List: Firewall
Subject: Log entry: WINS.EXE -> external machine

Hi,

I am wondering if anyone can help me with a strange log entry I am getting.
We are running a personal firewall while we await the full monty, and on our
WINS server we are getting a blocked outwards attempt:

Blocked: Out UDP localhost:42->224.0.1.24:42, Owner: C:\WINNT.SBS\SYSTEM32\WINS.EXE

It is happening at very regular intervals (twice, exactly every 40 minutes)
and I was wondering if it might be related to replication?  Our WINS server
currently doesn't have any replication partners, and I can't find any
defaults that point to an outside source.
The info I can find on port 42 is:
nameserver       42/udp    Host Name Server

Any ideas?

Thanks in advance,

Geoff Bonallack
PGP Key ID: 0x3541A954

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
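
Added example (not part of the original thread or any poster's code): a Python parser for blocked-outbound entries in the format quoted in the first message, which keeps the flows bound for a multicast destination and reports how regularly each one repeats. The timestamp prefix, the function names, and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log. The "Blocked: ..." text follows the entry quoted in the
# thread; the timestamp prefix and the unicast APP.EXE line are assumptions.
SAMPLE_LOG = r"""
2000-12-21 14:00:00 Blocked: Out UDP localhost:42->224.0.1.24:42, Owner: C:\WINNT.SBS\SYSTEM32\WINS.EXE
2000-12-21 14:00:01 Blocked: Out UDP localhost:42->224.0.1.24:42, Owner: C:\WINNT.SBS\SYSTEM32\WINS.EXE
2000-12-21 14:12:30 Blocked: Out UDP localhost:1047->192.0.2.10:53, Owner: C:\EXAMPLE\APP.EXE
2000-12-21 14:40:00 Blocked: Out UDP localhost:42->224.0.1.24:42, Owner: C:\WINNT.SBS\SYSTEM32\WINS.EXE
2000-12-21 14:40:01 Blocked: Out UDP localhost:42->224.0.1.24:42, Owner: C:\WINNT.SBS\SYSTEM32\WINS.EXE
2000-12-21 15:20:00 Blocked: Out UDP localhost:42->224.0.1.24:42, Owner: C:\WINNT.SBS\SYSTEM32\WINS.EXE
2000-12-21 15:20:01 Blocked: Out UDP localhost:42->224.0.1.24:42, Owner: C:\WINNT.SBS\SYSTEM32\WINS.EXE
"""

ENTRY = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) Blocked: Out (?P<proto>UDP|TCP) "
    r"(?P<src>[^:\s]+):(?P<sport>\d+)->(?P<dst>[\d.]+):(?P<dport>\d+), "
    r"Owner: (?P<owner>.+)$"
)

def parse(log_text):
    """Yield one dict per blocked-outbound entry; non-matching lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            e = m.groupdict()
            e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%d %H:%M:%S")
            yield e

def multicast_flows(log_text, burst_gap=5):
    """Summarise multicast-bound flows; entries within burst_gap seconds are one burst."""
    flows = defaultdict(list)
    for e in parse(log_text):
        if ipaddress.ip_address(e["dst"]).is_multicast:  # 224.0.0.0/4
            flows[(e["owner"], e["dst"], int(e["dport"]))].append(e["ts"])
    report = {}
    for key, stamps in flows.items():
        stamps.sort()
        bursts = [stamps[0]]
        for ts in stamps[1:]:
            if (ts - bursts[-1]).total_seconds() > burst_gap:
                bursts.append(ts)
        gaps = {int((b - a).total_seconds() // 60) for a, b in zip(bursts, bursts[1:])}
        report[key] = {"entries": len(stamps), "bursts": len(bursts),
                       "period_min": gaps.pop() if len(gaps) == 1 else None}
    return report
```

A `period_min` of `None` means the bursts were not evenly spaced; a fixed value with a service binary as owner points at a scheduled service behaviour rather than ad hoc traffic.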