Re: Strange scan/connection request

[Luke Dudney <luke.dudney () WESTNET COM AU>]

> -----Original Message-----
> From: Los, Ralph [mailto:rlos () ENVESTNET COM]
> Sent: Thursday, December 14, 2000 1:14 AM
> To: INCIDENTS () SECURITYFOCUS COM
> Subject: Strange scan/connection request
>
>
> List:
>
>       As of yesterday, we've been getting the following
> messages on the
> firewall (minimal logging, unfortunately).
>
> Source:128.a.b.c, 50830-      Destination:my.main.fw.ip, 33473
>
> Source:128.a.b.c, 50830-      Destination:my.main.fw.ip, 33478
>
>
>       It would seem the source port is always the same, and the
> destination is always in the same range.  I wish I had some
> packet-capture
> capability, but I regret I do not, yet, as I am just setting
> this network up
> for security.
>
> Can someone maybe help identify this?

Odds on it's a traceroute.

Cheers
//Luke.