
send sync to *.*.*.*:8081 8082, plz help.

syjeon
Level 1

At our site, specific hosts constantly send sync to the firewall using ports 8081 and 8082.

The specific hosts are 10.1.1.13 and 10.1.1.12,

but these hosts are not real hosts.

We pinged 10.1.1.13 and 10.1.1.12, but they don't reply to our ping requests.

So we searched for the specific host's MAC address on the 6509.

We launched show ip arp | inc 10.1.1.13, but the result showed nothing.

I think the attack is supposed to be IP spoofing.

If this attack is IP spoofing, how can I find the host that's flooding with an IP address which doesn't exist in our network?

Is it a worm virus? Has anyone suffered like me?

Have a good time.

1 Reply

jmia
Level 7

Have you tried using a network protocol analyser like Ethereal? You can download the software freely from here: http://www.ethereal.com

Try the above software and do a packet capture for port 8081 and 8082.

Also, do you have a perimeter firewall, i.e. PIX? If so, then you can write an ACL filter for those ports and apply it to your inside interface to check if there is any propagation from your internal network going out.

Also, I recall from a conversation with one of my Anti-virus engineers that McAfee e-policy uses port 8081 to update client PCs with latest anti-virus updates. Do you have McAfee e-policy running on the inside network?

If you need further help then let me know.

Jay
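
Added example, not part of the original thread: once a capture for ports 8081 and 8082 exists, the source MAC of each SYN is what identifies the real sender (or the upstream router) behind a spoofed source IP, and that MAC can then be traced in the switch's MAC address table. The sketch below tallies SYNs per (source MAC, source IP) from a classic Ethernet pcap; the function names, MAC addresses and sample capture are constructed for illustration.

```python
import struct
from collections import Counter

PORTS = {8081, 8082}  # destination ports named in the thread

def syn_sources(pcap: bytes) -> Counter:
    """Count TCP SYNs to PORTS per (source MAC, source IP) in a classic pcap."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic (microsecond) pcap file")
    end = "<" if magic == 0xA1B2C3D4 else ">"  # byte order of the file headers
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    counts, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated or not IPv4 (VLAN-tagged frames are skipped)
        ihl = (frame[14] & 0x0F) * 4
        tcp = frame[14 + ihl:]
        if frame[23] != 6 or len(tcp) < 14:
            continue  # not TCP, or TCP header cut short
        dport, flags = struct.unpack("!H", tcp[2:4])[0], tcp[13]
        if dport in PORTS and (flags & 0x12) == 0x02:  # SYN set, ACK clear
            key = (frame[6:12].hex(":"), ".".join(map(str, frame[26:30])))
            counts[key] += 1
    return counts

def _frame(mac: str, src: str, dport: int, flags: int) -> bytes:
    """Build one constructed Ethernet/IPv4/TCP frame (checksums left zero)."""
    eth = bytes(6) + bytes.fromhex(mac.replace(":", "")) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes([10, 1, 1, 1]))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, flags, 1024, 0, 0)
    return eth + ip + tcp

def sample_pcap() -> bytes:
    """Constructed capture: one MAC sending SYNs with the thread's source IPs."""
    frames = [_frame("00:11:22:33:44:55", "10.1.1.13", 8081, 0x02),
              _frame("00:11:22:33:44:55", "10.1.1.12", 8082, 0x02),
              _frame("00:11:22:33:44:55", "10.1.1.13", 8082, 0x02),
              _frame("00:aa:bb:cc:dd:ee", "10.1.1.50", 8081, 0x12),  # SYN/ACK
              _frame("00:aa:bb:cc:dd:ee", "10.1.1.50", 80, 0x02)]    # other port
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

Several source IPs sharing one source MAC, as in the constructed sample, points at a single sender on the captured segment; if that MAC belongs to a router, the capture has to be repeated one hop closer to the source.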