Security Incidents mailing list archives
Advice sought
From: Mike Alexander <mike.alexander () MAIL MORAY GOV UK>
Date: Mon, 26 Feb 2001 14:52:43 -0000
Dear all, I've noticed in our firewall logs a number of entries that are getting dropped. These seem to be occurring every couple of minutes, and are to a couple of our addresses only. The IP of this device is 63.238.98.16, and it is always trying port 3967. I did a 'tcpdump' on the firewall, with the result as follows (our host is x.x.x.24): --- 14:32:30.441991 0:c0:5:3:19:59 0:c0:95:e0:9c:b4 ip 60: 63.238.98.16.http > x.x.x.24.3967: F 4005189898:4005189898(0) ack 2941449939 win 17520 (DF) (ttl 238, id 22199) --- Can anyone tell me what's going on here? From what I can see, it's trying to poll one or two of our machines, but I've no idea why. Any help much appreciated. Regards, Mike "The surest sign that intelligent life exists elsewhere in the universe is that it has never tried to contact us"
Current thread:
- Advice sought Mike Alexander (Feb 26)
- Re: Advice sought Russell Fulton (Feb 27)
- Re: Advice sought John Lampe (Feb 27)
- Re: Advice sought Ryan Russell (Feb 27)
- Re: Advice sought John Lampe (Feb 28)
- Re: Advice sought John Lampe (Feb 27)
- Re: Advice sought Russell Fulton (Feb 27)