Small private networks are a necessary part of our business.
We also run some small networks with Internet connectivity
through firewall routers. The smallest of these networks
has only a printer and a mix of five CentOS and Windows 7
machines.
We use a commercial protection product on the W7 system.
This product has worked well guarding against unwanted
software on the system for about three and a half years.
Scans are scheduled and performed routinely once a week
or on demand at various times.
A recent update to this protection product has caused it
to start probing the network for other systems. There is
sometimes a message following scans indicating that there
are other systems on our network that are unprotected. It
appears that the two systems it is naming are a CentOS 6
system and the HP printer.
This network probing does not happen with every scan that
is run by the protection software and we have not been able
to determine what causes that probing to be initiated. We
also do not know exactly what is happening over the network
during the probing activity. The protection software support
folks have been no help in figuring out what is going on.
There seems to be no good reason for the probing message to
name only these two systems. The available printer status
shows no indication of network traffic associated with this
probing activity. The CentOS 6 system also does not indicate
any related network activity from the system that is running
the protection software. We have tried unsuccessfully to
capture the network probing activity using Wireshark.
Any ideas regarding how to track down what is happening here
would be greatly appreciated.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
