TCP ports during update

10-10-2011 02:30 AM
Hi guys,
Which TCP ports does the IronPort WSA normally use to communicate for updates or during normal operations?
The customer where we are installing 2 S160s sent me this alert log from their existing Checkpoint IPS, where src is the IronPort (10.0.1.5) and dst is the IP address (10.0.0.97) of the Windows AD, DNS and NTP server.
8Oct2011 7:36:47 drop 80.207.58.46 >eth2 mail product: SmartDefense; TCP flags: FIN; Attack Info: TCP flags do not make sense; attack: Bad packet; src: 10.0.1.5; s_port: 7745; dst: 10.0.0.97; service: ldap; proto: tcp;
This log is generated every 15 min, so I believe it is something related to updates, but the service type ldap gives me some doubt.
Maybe the WSA checks AD every 15 min?
Thanks
Best regards
Luca
10-10-2011 08:57 AM
Luca,
I'm pretty sure that's a "health" check on the LDAP connection to your domain controller. If that fails, the WSA could alert you that it can't get to the domain controller to auth users...
If your box is joined to the domain, it could be related to the secure channel too.
Ken
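
Added example, not part of either post: one way to confirm from the firewall log itself that the drops recur on a fixed schedule, as a periodic health check would, by grouping drop entries per (src, dst, service) and measuring the gaps between them. The first sample entry is the one quoted in the thread; the other entries, the function names and the thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample. The first entry is the one quoted in the post; the others
# are made-up repeats plus one unrelated drop, all in the same format.
TEMPLATE = ("8Oct2011 {t} drop 80.207.58.46 >eth2 mail product: SmartDefense; "
            "TCP flags: FIN; Attack Info: TCP flags do not make sense; "
            "attack: Bad packet; src: {src}; s_port: {sport}; dst: 10.0.0.97; "
            "service: {svc}; proto: tcp;")
SAMPLE = [
    TEMPLATE.format(t="7:36:47", src="10.0.1.5", sport=7745, svc="ldap"),
    TEMPLATE.format(t="7:51:47", src="10.0.1.5", sport=7790, svc="ldap"),
    TEMPLATE.format(t="8:06:48", src="10.0.1.5", sport=7832, svc="ldap"),
    TEMPLATE.format(t="8:10:02", src="10.0.1.77", sport=51544, svc="http"),
    TEMPLATE.format(t="8:21:47", src="10.0.1.5", sport=7871, svc="ldap"),
]

HEAD = re.compile(r"^(\S+ \S+) (\w+) ")                       # timestamp, action
FIELD = re.compile(r"; (src|s_port|dst|service|proto): ([^;]*)")

def parse_line(line):
    """Return time, action and the flow fields of one log entry, or None."""
    head = HEAD.match(line)
    if not head:
        return None
    try:
        when = datetime.strptime(head.group(1), "%d%b%Y %H:%M:%S")
    except ValueError:
        return None
    rec = {"time": when, "action": head.group(2)}
    rec.update(FIELD.findall(line))
    return rec

def periodic_flows(lines, min_hits=3, jitter=60):
    """Map (src, dst, service) -> interval in minutes for evenly spaced drops."""
    seen = defaultdict(list)
    for rec in filter(None, map(parse_line, lines)):
        if rec["action"] == "drop" and {"src", "dst", "service"} <= rec.keys():
            seen[rec["src"], rec["dst"], rec["service"]].append(rec["time"])
    result = {}
    for flow, times in seen.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Keep flows seen often enough whose gaps differ by at most `jitter` seconds.
        if len(times) >= min_hits and max(gaps) - min(gaps) <= jitter:
            result[flow] = round(sum(gaps) / len(gaps) / 60)
    return result
```

A flow that shows up here with a steady interval and a single destination service points to a scheduled check rather than ad hoc traffic; irregular gaps or many destinations would call for a closer look.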
