Question

Outbound Traffic on UDP 3050

  • 14 August 2020

Hi, I am a SOC Analyst who is working with one of my clients. I was doing a port inspection, and noticed a high number of outbound requests on UDP 3050. They all seem to be about 500 bytes. No traffic is witnessed inbound.

The client believes this traffic is coming from their wireless access point. The client states that they are running:

  • on premises Hive Manager Software Version: 8.2r2c
  • AP model AP250 running HiveOS 8.0r1.162054

The client has reported that these are older Manager and Firmware models, and plans to upgrade.

Any help in identifying this traffic and stopping it would be greatly appreciated.

Thank you.

P.S. I’m guessing the Sub-Forum. Please let me know if I need to move this post to the proper forum.


2 replies


Hello Paul, my first thought is IP tracking, do you know if that is enabled in your policy? This page reviews IP tracking for reference: http://docs.aerohive.com/330000/docs/help/english/ng/Content/gui/configuration/configuring-ip-tracking-groups.htm?Highlight=IP%20tracking

Sam, after reading this, I think you may be on to something. One thing I noticed was that there seemed to be a pattern in the IP addresses using the port. Certain IP ranges (like a .19) seemed to be present more in the findings. I’ll run this by my client with their weekly report. I’ll keep you in the loop. Thanks for the pointer.

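One way to check the observations in this thread against a flow export, as an added example that is not from any poster or from the vendor: it counts UDP 3050 requests and any replies, reports the median size, lists sources that are not in the AP inventory, and tallies destination last octets. The CSV column names, the sample rows, and the `AP_ADDRESSES` inventory are constructed assumptions.

```python
import csv
import io
import statistics
from collections import Counter

# Constructed sample flow export (not data from the thread); column names are assumed.
SAMPLE = """src,sport,dst,dport,proto,bytes
10.1.20.11,49152,198.51.100.19,3050,udp,502
10.1.20.11,49153,203.0.113.19,3050,udp,498
10.1.20.12,49200,198.51.100.19,3050,udp,500
10.1.20.12,49201,192.0.2.7,3050,udp,501
10.1.20.13,49300,203.0.113.19,3050,udp,499
10.1.40.55,51000,198.51.100.19,443,tcp,1400
"""

# Hypothetical inventory of access point addresses supplied by the client.
AP_ADDRESSES = {"10.1.20.11", "10.1.20.12"}

def summarize(text, port=3050, known_aps=AP_ADDRESSES):
    """Summarize UDP traffic to `port` and flag sources outside the AP inventory."""
    requests, replies = [], 0
    for row in csv.DictReader(io.StringIO(text)):
        if row["proto"].lower() != "udp":
            continue
        if int(row["dport"]) == port:
            requests.append(row)
        elif int(row["sport"]) == port:
            replies += 1  # return traffic sourced from the port
    sizes = [int(r["bytes"]) for r in requests]
    sources = Counter(r["src"] for r in requests)
    return {
        "requests": len(requests),
        "replies": replies,
        "median_bytes": statistics.median(sizes) if sizes else None,
        "sources": sources,
        # Senders that are not known APs need a separate explanation.
        "unknown_sources": sorted(set(sources) - set(known_aps)),
        # Tally of destination last octets, to confirm a pattern such as ".19".
        "dst_last_octet": Counter(r["dst"].rsplit(".", 1)[1] for r in requests),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

Any address in `unknown_sources` is sending on the port without being a listed AP, so an AP feature alone would not account for it.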