[AG-TECH] FW: Strange Access Grid traffic to port 80 (fwd)

Stewart, Corbin J cjstewa at sandia.gov
Thu May 16 14:54:03 CDT 2002


Greetings,
I received this email from Hugh saying that he's seeing multicast traffic to
223.2.171.1:80 from our video machine that's running our multicast beacon.
Any ideas why traffic would be going to port 80?  We did have an AG meeting
today in the Big Horn room from 8-11am PST.  I don't know if that helps.

Thanks in advance

---------------------------------------------------------------
Corbin Stewart				     cjstewa at sandia.gov

Videoconferencing & Collaborative Environments
Sandia National Laboratories California
925-294-4856


-----Original Message-----
From: Hugh LaMaster [mailto:lamaster at nas.nasa.gov]
Sent: Thursday, May 16, 2002 11:57 AM
To: Ross Gaunt; Scott Miller; Jeff Olsen; Brian Bodtker; Lanette
Radliff; Corbin Stewart; Rich Gay
Subject: Strange Access Grid traffic to port 80 (fwd)



Greetings,

Sorry to bother you all if this turns out to be nothing, but,
I am a little concerned about the following.  For some time,
I have been concerned about the potential for using multicast
to scan for certain broken IP stacks.  So, I block certain 
ports for all multicast groups.

Today, for the first time, I seem to be seeing such traffic.
(Well, I have seen a few things long ago, but, they were
unmistakable as broken software/configurations and other errors.)

I was surprised that it started coming from both the Sandia
and LLNL access grid beacons at about the same time.  So,
perhaps I am being paranoid, but, I have to ask if this is
something you set up on purpose, and, why?  If not, is it
a misconfiguration or a security breach?  I am trying to 
think of a legitimate reason for why traffic would be sent
to the Access Grid multicast group on port 80.

Apologies in advance if I am being obtuse.  Just tell me to 
go climb back under my rock.

OTOH, if I'm not mistaken, I thought you would want to know.

Regards,
Hugh LaMaster
NASA NREN


==============================================================================
 Hugh LaMaster, M/S 233-21,    Email: lamaster at nas.nasa.gov
 NASA Ames Research Center     Or:    lamaster at nren.nasa.gov
 Moffett Field, CA 94035-1000  Or:    lamaster at kinkajou.arc.nasa.gov
 Phone: 650/604-1056           Disc:  Unofficial, personal *opinion*.
==============================================================================

---------- Forwarded message ----------
Date: Thu, 16 May 2002 11:44:43 -0700 (PDT)
From: Hugh LaMaster <lamaster at nas.nasa.gov>
To: Hugh LaMaster <lamaster at kinkajou.arc.nasa.gov>
Subject: Bogus multicast packets to port 80



SLOT 1:May 16 04:58:17.758: %SEC-6-IPACCESSLOGP: list 130 denied udp
192.12.135.2(2632) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 04:58:18.830: %SEC-6-IPACCESSLOGP: list 130 denied udp
146.246.172.2(2852) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 04:58:20.250: %SEC-6-IPACCESSLOGP: list 130 denied udp
146.246.172.2(3343) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 04:58:21.354: %SEC-6-IPACCESSLOGP: list 130 denied udp
146.246.172.2(4913) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 04:58:22.874: %SEC-6-IPACCESSLOGP: list 130 denied udp
192.12.135.2(2936) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 04:58:24.122: %SEC-6-IPACCESSLOGP: list 130 denied udp
146.246.172.2(3419) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 04:58:25.326: %SEC-6-IPACCESSLOGP: list 130 denied udp
146.246.172.2(1994) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 04:58:26.694: %SEC-6-IPACCESSLOGP: list 130 denied udp
192.12.135.2(3177) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 04:58:29.310: %SEC-6-IPACCESSLOGP: list 130 denied udp
192.12.135.2(9145) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 04:58:30.342: %SEC-6-IPACCESSLOGP: list 130 denied udp
192.12.135.2(2974) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 04:58:31.518: %SEC-6-IPACCESSLOGP: list 130 denied udp
192.12.135.2(3107) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 04:58:32.530: %SEC-6-IPACCESSLOGP: list 130 denied udp
192.12.135.2(2712) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 04:58:33.538: %SEC-6-IPACCESSLOGP: list 130 denied udp
192.12.135.2(2573) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 04:58:34.594: %SEC-6-IPACCESSLOGP: list 130 denied udp
146.246.172.2(3782) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 04:58:35.802: %SEC-6-IPACCESSLOGP: list 130 denied udp
146.246.172.2(1263) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 04:58:37.346: %SEC-6-IPACCESSLOGP: list 130 denied udp
192.12.135.2(3651) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 04:58:38.550: %SEC-6-IPACCESSLOGP: list 130 denied udp
192.12.135.2(3474) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 04:58:39.650: %SEC-6-IPACCESSLOGP: list 130 denied udp
146.246.172.2(4151) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 04:58:40.962: %SEC-6-IPACCESSLOGP: list 130 denied udp
192.12.135.2(4300) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 04:58:43.518: %SEC-6-IPACCESSLOGP: list 130 denied udp
192.12.135.2(49352) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 04:58:47.962: %SEC-6-IPACCESSLOGP: list 130 denied udp
192.12.135.2(4517) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 04:58:51.970: %SEC-6-IPACCESSLOGP: list 130 denied udp
146.246.172.2(1728) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 04:58:53.402: %SEC-6-IPACCESSLOGP: list 130 denied udp
146.246.172.2(3055) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 04:58:54.834: %SEC-6-IPACCESSLOGP: list 130 denied udp
146.246.172.2(1784) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 04:58:56.266: %SEC-6-IPACCESSLOGP: list 130 denied udp
146.246.172.2(4724) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 04:58:58.574: %SEC-6-IPACCESSLOGP: list 130 denied udp
146.246.172.2(3318) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 04:58:59.674: %SEC-6-IPACCESSLOGP: list 130 denied udp
146.246.172.2(3596) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 04:59:01.214: %SEC-6-IPACCESSLOGP: list 130 denied udp
146.246.172.2(2306) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 04:59:02.774: %SEC-6-IPACCESSLOGP: list 130 denied udp
146.246.172.2(3960) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 04:59:04.646: %SEC-6-IPACCESSLOGP: list 130 denied udp
146.246.172.2(54849) -> 233.2.171.1(37), 1 packet
SLOT 1:May 16 04:59:06.514: %SEC-6-IPACCESSLOGP: list 130 denied udp
146.246.172.2(64768) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 04:59:08.274: %SEC-6-IPACCESSLOGP: list 130 denied udp
146.246.172.2(4184) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 04:59:10.502: %SEC-6-IPACCESSLOGP: list 130 denied udp
192.12.135.2(17912) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 04:59:12.254: %SEC-6-IPACCESSLOGP: list 130 denied udp
146.246.172.2(4618) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 04:59:25.550: %SEC-6-IPACCESSLOGRL: access-list logging
rate-limited or missed 58 packets
SLOT 1:May 16 05:04:25.588: %SEC-6-IPACCESSLOGP: list 130 denied udp
146.246.172.2(3692) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 05:04:25.588: %SEC-6-IPACCESSLOGP: list 130 denied udp
146.246.172.2(2202) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 05:04:25.588: %SEC-6-IPACCESSLOGP: list 130 denied udp
192.12.135.2(3287) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 05:04:25.588: %SEC-6-IPACCESSLOGP: list 130 denied udp
192.12.135.2(4078) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 05:04:25.588: %SEC-6-IPACCESSLOGP: list 130 denied udp
192.12.135.2(4477) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 05:04:25.588: %SEC-6-IPACCESSLOGP: list 130 denied udp
192.12.135.2(3189) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 05:04:25.588: %SEC-6-IPACCESSLOGP: list 130 denied udp
146.246.172.2(4101) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 05:04:25.588: %SEC-6-IPACCESSLOGP: list 130 denied udp
146.246.172.2(4854) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 05:04:25.588: %SEC-6-IPACCESSLOGP: list 130 denied udp
146.246.172.2(3167) -> 233.2.171.1(80), 1 packet
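
Added example, not part of the original messages: a small Python triage script for ACL deny logs of the kind shown above. It rejoins the mail-wrapped records, groups denied multicast packets by source, group and destination port, and adds up the packets the router reports as not logged; the function names are illustrative and `SAMPLE` is a short excerpt of the log above.

```python
import ipaddress
import re
from collections import Counter

# Short excerpt of the router log above, kept wrapped as it appears in the e-mail.
SAMPLE = """\
SLOT 1:May 16 04:58:17.758: %SEC-6-IPACCESSLOGP: list 130 denied udp
192.12.135.2(2632) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 04:58:18.830: %SEC-6-IPACCESSLOGP: list 130 denied udp
146.246.172.2(2852) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 04:58:20.250: %SEC-6-IPACCESSLOGP: list 130 denied udp
146.246.172.2(3343) -> 233.2.171.1(80), 1 packet
SLOT 1:May 16 04:59:04.646: %SEC-6-IPACCESSLOGP: list 130 denied udp
146.246.172.2(54849) -> 233.2.171.1(37), 1 packet
SLOT 1:May 16 04:59:25.550: %SEC-6-IPACCESSLOGRL: access-list logging
rate-limited or missed 58 packets
"""

ENTRY = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>\w+) (?P<proto>\S+) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\), "
    r"(?P<count>\d+) packet")
MISSED = re.compile(r"%SEC-6-IPACCESSLOGRL: .*missed (\d+) packets")

def unwrap(text):
    """Rejoin wrapped records: a line without a %SEC-6- tag continues the previous one."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if "%SEC-6-" in line or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def summarize(text):
    """Return (packets per (src, group, dport), source ports per flow, unlogged packets)."""
    packets, sports, missed = Counter(), {}, 0
    for rec in unwrap(text):
        m, rl = ENTRY.search(rec), MISSED.search(rec)
        if m and m["action"] == "denied" and ipaddress.ip_address(m["dst"]).is_multicast:
            key = (m["src"], m["dst"], int(m["dport"]))
            packets[key] += int(m["count"])
            sports.setdefault(key, set()).add(int(m["sport"]))
        elif rl:
            missed += int(rl.group(1))  # the log undercounts by at least this much
    return packets, sports, missed

if __name__ == "__main__":
    packets, sports, missed = summarize(SAMPLE)
    for key, n in packets.most_common():
        print(f"{key[0]} -> {key[1]}:{key[2]}  {n} logged, {len(sports[key])} source ports")
    print(f"not logged (rate limit): {missed}")
```

A per-source summary with the rate-limit total alongside shows at a glance which senders hit which blocked port on the group, and how much traffic the log lines alone leave out.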







