R
Randy Brick MacKenna
Hi, my firewall today on my office (work) computer told me that a
request was coming in to execute lsass.exe from a UDP connection on
port 4500. I blocked it, and the log shows this:
Inbound UDP packet.
Local address,service is (RMACKENNA(xxx.xx.xxx.xxx),4500).
Remote address,service is (xxx.xx.xxx.xxx,4500).
Process name is "C:\WINDOWS\system32\lsass.exe".
I redacted the actual IP addresses here, for privacy -- but my address
is on an internal network within my corporation, and is not (I
thought) exposed to the outside world -- we have hardware firewalls in
place. The remote IP address resolved to a user in some other company
-- I recognize the company but have never dealt with them as part of
my job.
My virus scan returns nothing.
Do I have something to worry about regarding this event?
Thanks,
Randy
request was coming in to execute lsass.exe from a UDP connection on
port 4500. I blocked it, and the log shows this:
Inbound UDP packet.
Local address,service is (RMACKENNA(xxx.xx.xxx.xxx),4500).
Remote address,service is (xxx.xx.xxx.xxx,4500).
Process name is "C:\WINDOWS\system32\lsass.exe".
I redacted the actual IP addresses here, for privacy -- but my address
is on an internal network within my corporation, and is not (I
thought) exposed to the outside world -- we have hardware firewalls in
place. The remote IP address resolved to a user in some other company
-- I recognize the company but have never dealt with them as part of
my job.
My virus scan returns nothing.
Do I have something to worry about regarding this event?
Thanks,
Randy