UDP_Probe_Other

Guest

We have a 2003AD environment with mixed W2K and WXP Pro machines. All
laptops run BlackICE firewall (in addition to our firewall device). My
BlackICE is showing hundreds of hits from another user today with event
"UDP_Probe_Other". The "intruder" is the user's AD name
"JoeSmith.domain.com". I looked at the machine in question - got rid of
negligible spyware (mainly cookies), ran clean antivirus, didn't see any
questionable services or processes, disabled AEGIS protocol and IEEE. The LAN
firewall shows nothing unusual. Nothing looks out of the ordinary yet for
some reason her machine is bombarding me, and maybe others, with this
"UDP_Probe_Other" traffic.

Anyone have any ideas? Thanks.
 
MEB said:
We have a 2003AD environment with mixed W2K and WXP Pro machines. All
laptops run BlackICE firewall (in addition to our firewall device). My
BlackICE is showing hundreds of hits from another user today with event
"UDP_Probe_Other". The "intruder" is the user's AD name
"JoeSmith.domain.com". I looked at the machine in question - got rid of
negligible spyware (mainly cookies), ran clean antivirus, didn't see any
questionable services or processes, disabled AEGIS protocol and IEEE. The LAN
firewall shows nothing unusual. Nothing looks out of the ordinary yet for
some reason her machine is bombarding me, and maybe others, with this
"UDP_Probe_Other" traffic.

Anyone have any ideas? Thanks.

Yup. Got an idea ;-)

What's running on this machine that's not running on the other
machines? Running Task Manager might tell you what's different - if
that doesn't work, open a command prompt window and type 'tasklist
/svc' (without the quotes) and that will tell you what services are
running under a svchost wrapper.

Clearly something's different on the machine - between task manager and
tasklist you should be able to determine what it is and then shut it
off.

Good luck!
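
The comparison suggested in the reply above, as an added example that is not part of the original thread: it parses saved `tasklist /svc` output from the suspect machine and from a known-good machine, ignoring PIDs and svchost groupings (which differ between hosts and make a plain text diff noisy), and lists what runs only on the suspect. The sample captures and the names `example-agent.exe` and `ExampleSvc` are constructed for illustration.

```python
import re

# Process row: image name (may contain spaces), PID, then the services column.
ROW = re.compile(r"^(\S.*?)\s+(\d+)\s+(.*)$")

def parse_tasklist_svc(text):
    """Map lower-cased image name -> set of hosted services from `tasklist /svc` output."""
    procs, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith(("Image Name", "====")):
            continue
        m = ROW.match(line)
        if m:                                   # new process row
            current = procs.setdefault(m.group(1).lower(), set())
            services = m.group(3)
        elif line[0].isspace() and current is not None:
            services = line                     # wrapped service list continues
        else:
            continue
        current.update(s.strip() for s in services.split(",")
                       if s.strip() not in ("", "N/A"))
    return procs

def diff_against_baseline(suspect, baseline):
    """Return (images only on suspect, {image: services only on suspect})."""
    extra_images = sorted(set(suspect) - set(baseline))
    extra_services = {i: sorted(suspect[i] - baseline[i])
                      for i in set(suspect) & set(baseline) if suspect[i] - baseline[i]}
    return extra_images, extra_services

# Constructed sample captures (not from the thread); names are hypothetical.
BASELINE = """\
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
svchost.exe                    800 DcomLaunch, TermService
svchost.exe                    980 AudioSrv, Browser, Dhcp, EventLog,
                                   LanmanWorkstation
"""
SUSPECT = """\
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
svchost.exe                    812 DcomLaunch, TermService, ExampleSvc
svchost.exe                   1004 AudioSrv, Browser, Dhcp, EventLog,
                                   LanmanWorkstation
example-agent.exe             1776 N/A
"""
images, services = diff_against_baseline(parse_tasklist_svc(SUSPECT), parse_tasklist_svc(BASELINE))
print("only on suspect - images:", images, "| services:", services)
```

To use it on real hosts, redirect `tasklist /svc` to a file on each machine and pass the file contents in place of the two sample strings.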
 