Over the last day or so, I have logged a few hundred thousand packets such as: Jun 10 03:10:46 anubis 918013: %SEC-6-IPACCESSLOGP: list 102 denied udp 205.211.138.10(60122) -> 134.186.108.0(18493), 1 packet Jun 10 03:10:47 anubis 918014: %SEC-6-IPACCESSLOGP: list 102 denied udp 205.211.138.10(23017) -> 134.186.193.0(36492), 1 packet Jun 10 03:10:47 anubis 918015: %SEC-6-IPACCESSLOGP: list 102 denied udp 205.211.138.10(54697) -> 134.186.194.0(1764), 1 packet Jun 10 03:10:47 anubis 918016: %SEC-6-IPACCESSLOGP: list 102 denied udp 205.211.138.10(11899) -> 134.186.196.0(3553), 1 packet Source address does not change, port goes to 65K. Aside from 40 MB/day log files, why after ip host 0? The subnets have Win NT 4.0 clients & severs, as well as some linux servers. Any advice on what vulnerabilities someone may be trying to exploit? thanx joel wiley - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
