In case it helps someone else:
I was seeing broadcasts ( dst:255.255.255.255 ) about every 30 seconds (top and middle of the minute) to UDP port 41224 from a windows box. The a process named "java" was sending to UDP port 41224, and a different "java" thread was listening on UDP port 41224.
The UDP payload only included the text, "KEY:ABCDXYZ"....It turns out, it’s an e-trade streaming quote applet, runs in an IE window, but uses the java plugin (process name ‘java.exe' ). Apparently it's pay-ware, and it regularly sends out its key and listens for other applets with the same key, ostensibly to ensure that someone isn't running the same license on multiple computers.
No comments:
Post a Comment