3 Replies Latest reply on Jun 7, 2011 3:31 AM by alestichy

    Rogue System Detection - Does sensor scan ports?

    RealEGT

      Our network IDS is showing traffic coming from a couple of our hosts on UDP 31337. This port is usually assosciated with the Back Orafice trojan. The computers appear to be free of any malware. The only thing these hosts have in common are that they are Rogue System Detection sensors. I see the sensor has some OS fingerprinting functionality. Do this include doing port scans? I'm trying to determine if this could be legitimate traffic. My next step would be to do a traffic capture, but I wanted to see if anyone could confirm the sensor as a possible culprit.