CSA-Pesky UDP 123 message-printer related

tim_graham · ‎06-05-2007

We are currently running CSA ver. 5.1.0.79.

We see the message: "The process 'C:\WINDOWS\System32\svchost.exe' (as user NT AUTHORITY\SYSTEM) attempted to accept a connection as a server on UDP port 123 from (Internal IP Address) The operation was denied.

I believe it is just be a printer checking in with a PC to coordinate its internal clock.

We have tracked down all the IPs in these events and they are printers.

HP. Lexmark et al make no mention of this port, so I'm not sure if we can disable it at the printer.

The sheer number of these messages is annoying.

Network Access Control Rule 484 is involved. It states:

"Deny and log all applications when they attempt to act as a server for network services UDP and TCP communicating with all host addresses using all local addresses"

I don't want to define the host or local addresses (too many), and I'm leery of rebuilding the rule to exclude UDP/123

I also don't wnt to disable all logging. just in case there is a real problem someday.

Has anyone else addressed this?

tsteger1 · ‎06-05-2007

To get rid of the messages you need to either browse to the IP address of the printer and manually change the time server to a legitimate time server or allow all your printers to get time from your hosts with an exception.

I usually just change the time server on our HP printers since we have an internal one.

I don't believe there is a way to disable HP printers getting time from a time source (at least that's what HP told me when I asked them).

Not sure about Lexmark but I'm guessing they have the same setting.

Tom