Re: Port 4927 traffic spike

[H C <keydet89 () yahoo com>]

Joe,

A couple of questions...

> Between 17:09 and 17:25 (MST) our firewall recorded
> an unusual spike in attempted connections on port
> 4927 (i.e., we've never recorded any traffic to this
> port before; to see seven different hosts connecting
> to it in such a short period is for us, well,
> unusual).

You say your firewall recorded these packets, and then
you said that 7 different remote hosts "connected" to
the port.  Is this, in fact, the case?  Or did your
firewall "block" these packets?  It looks like your
firewall did block the packets (based on the log
excerpts you sent).
 
Since these packets seem to have been blocked, the
question then becomes...so what?  You'll have to go
ask the people who scanned you....




__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com