Yeah, just haven't had time to get Wireshark running (again).

Thanks,


Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
jra...@eaglemds.com
www.eaglemds.com

________________________________
From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Thursday, September 16, 2010 12:43 PM
To: NT System Admin Issues
Subject: Re: security concern - ESX host repeatedly hitting external IP...

Sniff the traffic... :)

ASB (My XeeSM Profile)<http://XeeSM.com/AndrewBaker>
Exploiting Technology for Business Advantage...

On Thu, Sep 16, 2010 at 11:22 AM, Raper, Jonathan - Eagle <jra...@eaglemds.com> wrote:
We're getting ready to decommission an old router, and almost all of the 
traffic to and through it (except broadcast) has stopped. I'm reviewing the 
syslog, and keep seeing this:

9/16/2010 8:36:50 AM [Internal Router Private IP Address] Informational 
SEC-6-IPACCESSLOGP 651364: 44w0d: %SEC-6-IPACCESSLOGP: list permit_any 
permitted udp [ESX Private IP Address](0) -> 72.18.205.156(0), 1 packet

I've asked our VMware admin to look over his host configuration to make sure he 
isn't pointing to the old router, but he says everything is "fine."

Anyone else seen this or have any ideas as to why I'm seeing this traffic?

Upon Googling said IP Address, it appears that it may be part of 
pool.ntp.org, but I cannot confirm this. This host is 
located in Warminster, PA, according to some sites.

Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
jra...@eaglemds.com
www.eaglemds.com


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

________________________________
Any medical information contained in this electronic message is CONFIDENTIAL 
and privileged. It is unlawful for unauthorized persons to view, copy, 
disclose, or disseminate CONFIDENTIAL information. This electronic message may 
contain information that is confidential and/or legally privileged. It is 
intended only for the use of the individual(s) and/or entity named as 
recipients in the message. If you are not an intended recipient of this 
message, please notify the sender immediately and delete this material from 
your computer. Do not deliver, distribute or copy this message, and do not 
disclose its contents or take any action in reliance on the information that it 
contains.
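
One way to summarize the `%SEC-6-IPACCESSLOGP` entries quoted in the thread above, added here as an example and not part of the original messages: it totals logged packets per internal source and external destination so a recurring flow stands out. The sample log lines, all addresses and the `block_out` list name are constructed, and each entry is assumed to sit on one line (email-wrapped lines must be rejoined first).

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the format quoted in the thread. Addresses are made up
# (RFC 1918 and RFC 5737 ranges); "block_out" is a hypothetical ACL name.
SAMPLE_LOG = """\
9/16/2010 8:36:50 AM 10.0.0.1 Informational SEC-6-IPACCESSLOGP 651364: 44w0d: %SEC-6-IPACCESSLOGP: list permit_any permitted udp 10.0.0.50(0) -> 203.0.113.7(0), 1 packet
9/16/2010 8:41:52 AM 10.0.0.1 Informational SEC-6-IPACCESSLOGP 651365: 44w0d: %SEC-6-IPACCESSLOGP: list permit_any permitted udp 10.0.0.50(0) -> 203.0.113.7(0), 3 packets
9/16/2010 8:42:10 AM 10.0.0.1 Informational SEC-6-IPACCESSLOGP 651366: 44w0d: %SEC-6-IPACCESSLOGP: list permit_any permitted udp 10.0.0.60(123) -> 10.0.0.5(123), 1 packet
9/16/2010 8:43:00 AM 10.0.0.1 Informational SEC-6-IPACCESSLOGP 651367: 44w0d: %SEC-6-IPACCESSLOGP: list block_out denied tcp 10.0.0.50(51000) -> 198.51.100.9(443), 2 packets
"""

# Explicit RFC 1918 list: ipaddress.is_private also covers documentation ranges,
# which would hide the constructed "external" addresses used above.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

ENTRY = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\w+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

def is_internal(addr):
    """True when addr falls inside an RFC 1918 private range."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def external_flows(log_text):
    """Total logged packets per (src, dst, proto, dport, action), internal -> external only."""
    flows = Counter()
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue  # not an IPACCESSLOGP entry, or addresses redacted
        if is_internal(m["src"]) and not is_internal(m["dst"]):
            key = (m["src"], m["dst"], m["proto"], int(m["dport"]), m["action"])
            flows[key] += int(m["count"])
    return flows

if __name__ == "__main__":
    for (src, dst, proto, dport, action), pkts in external_flows(SAMPLE_LOG).most_common():
        print(f"{src} -> {dst} {proto}/{dport} {action}: {pkts} packets")
```
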
