Not exactly on topic, but I've gotten no response elsewhere.
If you're offended by TCP/IP protocol questions, please
use the delete key now.
For about the past month, we've logged occasional TCP packets
with a source address of 255.255.255.255 on our private network
backbone. We have not managed to sniff a non-routed packet,
so we can't identify the source by its MAC address yet.
Can anyone shed any light on what these might be? Generally
the source port is random non-privileged (>1023) and the
dest port is 25342, although a few of these have had dest
port 80. There were also a few with source port 80 and
dest 50561, 50562, 63331, or 63332. The few captured
packets all had RST set and empty payload. Destination
address is always on an outside network.
--
W.C. Epperson "I have great faith in fools.
Chief of Systems Engineering Self-confidence, my friends call it."
Security Officer Emeritus --Edgar Allen Poe--
Curmudgeon-for-Life
Virginia Dept. of Education
[EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
