Port 10101 --> Symantec

I noticed a great deal of entries in my IPS log.

They all look like this: 
2011:12:28-15:50:29 wahine ulogd[5994]: id="2105" severity="info" sys="SecureNet" sub="ips" name="UDP flood detected" action="UDP flood" fwrule="60013" initf="eth0" srcmac="4:c:ce:dc:50:82" dstmac="0:c:29:67:ac:84" srcip="10.1.2.3"[my mac client]  dstip="198.153.192.3" proto="17" length="237" tos="0x00" prec="0x00" ttl="64" srcport="55439" dstport="10101" 

Note the destination port: 10101 
This is the same port that Astaro used for its "cloud based" log management.
Destination ip:  198.153.192.3 [details below]


The destination IP address is for the following: 
   NetRange:       198.153.190.0 - 198.153.196.255
   CIDR:           198.153.190.0/23, 198.153.196.0/24, 198.153.192.0/22
   NetType:        Direct Assignment
   OrgName:        Symantec Corporation
   Address:        20330 Stevens Creek Blvd
   City:           Cupertino
   StateProv:      CA
   OrgAbuseName:   Symantec IP Administrator
   OrgAbusePhone:  +1-650-527-8000
   OrgAbuseEmail:  dl-it-ip-admin@symantec.com

I have no Symantec products installed on my machine.

Question:  Is there any official relationship between Astaro and Symantec that might explain this traffic?

Can any one assist in identifying this traffic?

Thanks,

Dougga
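As an added example (not part of the original post), a small Python triage script that parses ulogd IPS lines in the key="value" format quoted above, counts hits per source/destination/port, and checks whether each destination falls inside the netblocks listed in the ARIN record for 198.153.192.3. The sample log lines are constructed from the one in the post.

```python
import re
import ipaddress
from collections import Counter

# key="value" pairs as written by Astaro's ulogd IPS log (format from the post)
_KV = re.compile(r'(\w+)="([^"]*)"')

# Netblocks taken from the ARIN record quoted in this thread.
SYMANTEC_BLOCKS = [
    ipaddress.ip_network(n)
    for n in ("198.153.190.0/23", "198.153.192.0/22", "198.153.196.0/24")
]

# Constructed sample lines modelled on the one in the post (not real captures).
SAMPLE_LOG = """\
2011:12:28-15:50:29 wahine ulogd[5994]: id="2105" severity="info" sys="SecureNet" sub="ips" name="UDP flood detected" action="UDP flood" fwrule="60013" initf="eth0" srcip="10.1.2.3" dstip="198.153.192.3" proto="17" length="237" srcport="55439" dstport="10101"
2011:12:28-15:50:31 wahine ulogd[5994]: id="2105" severity="info" sys="SecureNet" sub="ips" name="UDP flood detected" action="UDP flood" fwrule="60013" initf="eth0" srcip="10.1.2.3" dstip="198.153.192.3" proto="17" length="241" srcport="55440" dstport="10101"
2011:12:28-15:51:02 wahine ulogd[5994]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcip="10.1.2.7" dstip="203.0.113.9" proto="6" length="60" srcport="51000" dstport="443"
"""

def parse_line(line):
    """Return the key/value fields of one ulogd line as a dict (empty if none)."""
    return dict(_KV.findall(line))

def in_blocks(ip, blocks=SYMANTEC_BLOCKS):
    """True if ip lies inside any of the given netblocks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in blocks)

def triage(log_text, sub="ips"):
    """Count (srcip, dstip, dstport, proto) tuples for one subsystem and flag
    whether each destination is inside the ARIN-registered Symantec blocks."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("sub") != sub:
            continue
        counts[(f["srcip"], f["dstip"], f["dstport"], f["proto"])] += 1
    return [
        {"srcip": s, "dstip": d, "dstport": p, "proto": pr, "hits": n,
         "in_symantec_range": in_blocks(d)}
        for (s, d, p, pr), n in counts.most_common()
    ]

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

Pointing the script at an exported IPS log shows which internal hosts are talking to the range and how often, which is the first question to answer before asking the vendor about the relationship.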


  • Actually, when I checked that IP with CentralOps Domain Dossier, I didn't find it connected to Symantec at all.

    Cheers - Bob
  • That's interesting.
    I plugged the IP address into the tool you reference, and I get the same Symantec reference.
    Perhaps I'm misinterpreting this.
    The individual ip address has no record but it's found on a network which is directly registered to Symantec.

    Network Whois record

    Queried whois.arin.net with "n 198.153.192.3"...

    NetRange:       198.153.190.0 - 198.153.196.255
    CIDR:           198.153.196.0/24, 198.153.192.0/22, 198.153.190.0/23
    OriginAS:       
    NetName:        NETBLK-OPENVISION
    NetHandle:      NET-198-153-190-0-1
    Parent:         NET-198-0-0-0-0
    NetType:        Direct Assignment
    RegDate:        1993-08-11
    Updated:        2009-03-26
    Ref:            http://whois.arin.net/rest/net/NET-198-153-190-0-1

    OrgName:        Symantec Corporation
    OrgId:          SYMN-Z
    Address:        20330 Stevens Creek Blvd
    City:           Cupertino
    StateProv:      CA
    PostalCode:     95014
    Country:        US
    RegDate:        2008-08-01
    Updated:        2008-10-21
    Ref:            http://whois.arin.net/rest/org/SYMN-Z

    OrgNOCHandle: SIA9-ARIN
    OrgNOCName:   Symantec IP Administrator
    OrgNOCPhone:  +1-650-527-8000 
    OrgNOCEmail:  dl-it-ip-admin@symantec.com
    OrgNOCRef:    http://whois.arin.net/rest/poc/SIA9-ARIN

    OrgTechHandle: SIA9-ARIN
    OrgTechName:   Symantec IP Administrator
    OrgTechPhone:  +1-650-527-8000 
    OrgTechEmail:  dl-it-ip-admin@symantec.com
    OrgTechRef:    http://whois.arin.net/rest/poc/SIA9-ARIN

    OrgAbuseHandle: SIA9-ARIN
    OrgAbuseName:   Symantec IP Administrator
    OrgAbusePhone:  +1-650-527-8000 
    OrgAbuseEmail:  dl-it-ip-admin@symantec.com
    OrgAbuseRef:    http://whois.arin.net/rest/poc/SIA9-ARIN

    RAbuseHandle: SIA9-ARIN
    RAbuseName:   Symantec IP Administrator
    RAbusePhone:  +1-650-527-8000 
    RAbuseEmail:  dl-it-ip-admin@symantec.com
    RAbuseRef:    http://whois.arin.net/rest/poc/SIA9-ARIN

    RTechHandle: SIA9-ARIN
    RTechName:   Symantec IP Administrator
    RTechPhone:  +1-650-527-8000 
    RTechEmail:  dl-it-ip-admin@symantec.com
    RTechRef:    http://whois.arin.net/rest/poc/SIA9-ARIN

    RNOCHandle: SIA9-ARIN
    RNOCName:   Symantec IP Administrator
    RNOCPhone:  +1-650-527-8000 
    RNOCEmail:  dl-it-ip-admin@symantec.com
    RNOCRef:    http://whois.arin.net/rest/poc/SIA9-ARIN