08-14-2020 11:17 AM
Hi, I am a SOC Analyst who is working with one of my clients. I was doing a port inspection, and noticed a high number of outbound requests on UDP 3050. They all seem to be about 500 bytes. No traffic is witnessed inbound.
The client believes this traffic is coming from their wireless access point. The client states that they are running:
The client has reported that these are older Manager and Firmware models, and plans to upgrade.
Any help in identifying this traffic and stopping it would be greatly appreciated.
Thank you.
P.S. I’m guessing the Sub-Forum. Please let me know if I need to move this post to the proper forum.
08-16-2020 11:05 AM
Sam, after reading this, I think you may be on to something. One thing I noticed was that there seemed to be a pattern in the IP addresses using the port. Certain IP ranges (like a .19) seemed to be present more in the findings. I’ll run this by my client with their weekly report. I’ll keep you in the loop. Thanks for the pointer.
08-14-2020 07:21 PM
Hello Paul, my first thought is IP tracking. Do you know if that is enabled in your policy? This page reviews IP tracking for reference: http://docs.aerohive.com/330000/docs/help/english/ng/Content/gui/configuration/configuring-ip-tracki...