A.P. Lawrence

Information and Resources for Unix and Linux Systems
Bloggers and the self-employed

Get APLawrence.com by RSS

Home
Kerio
Sections
- MacOSX
- Linux
- Blogging
- Self-Employment
- Support
Contents
- Most Popular
- Browse All Topics
- Newest Articles
- Random Page
- Surveys
Tests
- Linux
- Mac OS X
- SCO Unix
- Perl
Resources
- Site Forum
- Write for this site
- Find a Consultant
- Contact Info
- RSS Feeds
- Store
- Advertise Here
- Disclaimer
Help
- About
- Rates
- Copyrights
- Contact
- Support

Our Latest Posts: - The L Drug - SCO 6isms!!!! - Google Adsense and recession - A Tale of Backup

Best of the Newsgroups: broadcast on udp port 1230

What is this stuff?

Main Index

From: duhj...@hotmail.com (Josh Miller)
Subject: Re: Network gurus...  UDP outbound to port 1230 every 17 seconds?
Date: 6 May 2004 08:24:34 -0700
Message-ID: <2e1feb28.0405060724.65b3fb4c@posting.google.com> 
References: <2e1feb28.0405051300.59082c61@posting.google.com> 

duhj...@hotmail.com (Josh Miller) wrote in message news:<2e1feb28.0405051300.59082c61@posting.google.com>...
> I am experiencing some very strange network activity.  Some of the
> boxes on my network are sending a UDP packet from the NTP port (UDP
> 123) outbound to IP 85.85.170.170 port 1230 every 17 seconds.  I have

> http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&threadm=098a01c3ad27%2475131320%24a401280a%40phx.gbl

Paid Advertisers

Cingular cell phones - Advanced Cisco Networking and Security by Vinci Consulting
Data Recovery Software - Internet Advertising -

On-Line Poker for cash prizes
Play LEGAL poker and win cash


Well I finally figured out what this was. I hope the anonymous poster
who had this same problem back in November was able to figure out what
was going on quickly and didn't spend too much time on this.  I'll
post the details here in case this weird behavior is noticed by
someone else. Maybe it will save a day of troubleshooting and
tracking... :)

It turned out to be an HP printer on my network that wasn't DHCP'ing
all of a sudden and registered itself as 85.85.170.170.  I used MS's
network monitor to watch one of my servers that was sending data out
to IP 85.85.170.170 port 1230 and grabbed the MAC address of the box. 
Looking up the MAC vendor code online I determined that it was an HP
NIC. The only HP NICs I have on my network are printers.  After
finally finding the MAC in my DHCP system and turning off the
suspected printer, the requests stopped.  Something had happened to
this stupid printer where all of a sudden it wasn't able to DHCP, it
registered itself as 85.85.170.170 and started broadcasting NTP
requests to port 123 on subnet 255.255.255.255.  We reset the printer
back to factory defaults and everything was fine after that. Oh well,
another day wasted tracking down weird network behavior.  Hopefully
the next time someone sees this behavior and Google's it they will
come across this solution. :D

Comments /Bofcusm/2551.html

Wed May 31 17:51:02 2006 anonymous

We had the same problem, most of the nodes on our network sending udp packets
off to some site in spain. Our HP printer had a static IP configured, the
"print configuration" option on the printer showed it had the incorrect
IP address. I simply power cycled the printer and the problem went away.

It might also be noted that we believe we can trace the problem to a power
outage that lasted 15 minutes or so.

Tue Aug 22 09:11:53 2006 Kevin

Thanks this helped alot, down to a power cut

Fri Feb 2 01:05:03 2007 anonymous

Appreciate the post. Per your wish, I had this problem - googled it - hit
your post - you saved me mucho troubleshooting.

THANKS

Tue Feb 27 13:04:30 2007 anonymous

thxt, we had the same problem

a lot of udp traffic on port 1230 to 85.85.170.170

and yes, it was as stupid HP-Printer

Tue Jul 22 08:35:50 2008 anonymous

Website:
I had the exact same problem and also after a sudden power outage, power
cycle the printer solved the problem.

Add your comments