Source port 8 to destination port 0? - Windows NT

This is a discussion on Source port 8 to destination port 0? - Windows NT ; I have a new Exchange 2003 server with Groupshield 6.0 and VirusScan 8.0i running on it (up to date, of course) and one of my Cisco 4215 IDS boxes is picking up traffic from it (port 8) to each of ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Source port 8 to destination port 0?

  1. Source port 8 to destination port 0?

    I have a new Exchange 2003 server with Groupshield 6.0 and VirusScan
    8.0i running on it (up to date, of course) and one of my Cisco 4215 IDS
    boxes is picking up traffic from it (port 8) to each of my AD Domain
    Controllers (port 0!) and logging scores of intrustion alerts. I
    suspect that it is legitimate traffic as the server is fully patched
    and had never been on the network without fully up to date antivirus
    running on it, and due to the fact that it's only sending the "suspect"
    packets to my domain controllers; however, I can't find any information
    online to support this. Does anyone know of any legitimate traffic
    where source is port 8 on and Exchange server and the destination is
    port 0 on all Domain Controllers?


  2. Re: Source port 8 to destination port 0?



    Chris wrote:
    >
    > I have a new Exchange 2003 server with Groupshield 6.0 and VirusScan
    > 8.0i running on it (up to date, of course) and one of my Cisco 4215 IDS
    > boxes is picking up traffic from it (port 8) to each of my AD Domain
    > Controllers (port 0!) and logging scores of intrustion alerts.


    I assume you mean ICMP types 8 (echo) and 0 (echo reply).

    Thor

    --
    http://www.anta.net/OH2GDF

+ Reply to Thread