We see the message: "The process 'C:\WINDOWS\System32\svchost.exe' (as user NT AUTHORITY\SYSTEM) attempted to accept a connection as a server on UDP port 123 from (Internal IP Address) The operation was denied."
I believe it is just a printer checking in with a PC to coordinate its internal clock.
We have tracked down all the IPs in these events and they are printers.
HP, Lexmark et al. make no mention of this port, so I'm not sure if we can disable it at the printer.
The sheer number of these messages is annoying.
Network Access Control Rule 484 is involved. It states:
"Deny and log all applications when they attempt to act as a server for network services UDP and TCP communicating with all host addresses using all local addresses"
I don't want to define the host or local addresses (too many), and I'm leery of rebuilding the rule to exclude UDP/123.
I also don't want to disable all logging, just in case there is a real problem someday.
To get rid of the messages you need to either browse to the IP address of the printer and manually change the time server to a legitimate time server or allow all your printers to get time from your hosts with an exception.
I usually just change the time server on our HP printers since we have an internal one.
I don't believe there is a way to disable HP printers getting time from a time source (at least that's what HP told me when I asked them).
Not sure about Lexmark but I'm guessing they have the same setting.
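
Added example, not from either poster: a way to keep rule 484 logging everything while separating the expected printer NTP denials from events that still deserve a look. The printer addresses and log lines are constructed, and the IPv4 source field is an assumption because the quoted message elides the address.

```python
import re
from collections import Counter

# Pattern follows the denial message quoted in the question. The source address
# is elided there, so matching a dotted IPv4 after "from" is an assumption.
DENY_RE = re.compile(
    r"The process '(?P<proc>[^']+)' \(as user (?P<user>[^)]+)\) attempted to "
    r"accept a connection as a server on (?P<proto>UDP|TCP) port (?P<port>\d+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3})"
)

def triage(lines, printers):
    """Split denials into expected printer NTP noise and events to review."""
    noise, review = Counter(), []
    for line in lines:
        m = DENY_RE.search(line)
        if not m:
            continue  # not a server-accept denial; out of scope here
        is_ntp = m["proto"] == "UDP" and m["port"] == "123"
        if is_ntp and m["src"] in printers:
            noise[m["src"]] += 1  # counted, not discarded
        else:
            review.append((m["src"], m["proto"], int(m["port"]), m["proc"]))
    return noise, review

# Constructed inventory and log lines (documentation address range).
PRINTERS = {"192.0.2.10", "192.0.2.11"}
MSG = (r"The process 'C:\WINDOWS\System32\svchost.exe' "
       r"(as user NT AUTHORITY\SYSTEM) attempted to accept a connection as a "
       "server on {proto} port {port} from {src} The operation was denied.")
SAMPLE = [
    MSG.format(proto="UDP", port=123, src="192.0.2.10"),
    MSG.format(proto="UDP", port=123, src="192.0.2.10"),
    MSG.format(proto="UDP", port=123, src="192.0.2.11"),
    MSG.format(proto="UDP", port=123, src="192.0.2.50"),  # not a known printer
    MSG.format(proto="TCP", port=445, src="192.0.2.10"),  # printer, but not NTP
]

if __name__ == "__main__":
    noise, review = triage(SAMPLE, PRINTERS)
    for src, count in noise.most_common():
        print(f"printer NTP noise: {src} x{count}")
    for src, proto, port, proc in review:
        print(f"REVIEW: {src} -> {proto}/{port} ({proc})")
```

Anything landing in the review list is either UDP/123 from a host outside the printer inventory or a printer reaching a different port, which are the cases the logging is being kept for.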