ECTED]]
Sent: Thursday, December 19, 2002 5:09 PM
To: [EMAIL PROTECTED]; 'Security Focus (E-mail)'
Subject: RE: Port 2848
Hi all,
I don't want to jump the gun and make this something its not, but this
posting bears very similar resemblance to an issue I was working on with a
clien
Hi all,
I don't want to jump the gun and make this something its not, but this
posting bears very similar resemblance to an issue I was working on with
a client.
At approximately 13 minute intervals my client was seeing repeat traffic
through his network to very similar addresses from a handful o
Hi nathan:
I think your right.
2847
tcp/udp
aimpp-port-req
AIMPP Port Req
2848
tcp/udp
amt-blc-port
AMT-BLC-PORT
2849
tcp/udp
fxp
FXP
Hope this helps
DS-
-Original Message-
From: Nathan [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 18, 2002 11:30 AM
To: Secu
Forgot to "Reply to All"...
Nathan,
Using VisualRoute on my PC I checked those 3 IP's. They are all
Gateway's at Symantec. It looks like what you are seeing is possibly
Norton Antivirus' LiveUpdate going out to try and check for update...
that's just a guess on my part.
mike heitz ** sr it manag
Nathan,
An ARIN search on the IP addresses you mentioned
reveals:
206.204.212.226 is owned by ConXioN Corporation,
according to ARIN. Nslookup reveals that the name of
the host is "gw02entry01.gw02.dis.symantec.com".
206.204.52.98 is also "owned by" ConXion, but it's
name is "gw01entry01.gw01.d