After working with both ISP's that the scan originated from, we discovered they were both trying out a new Linux network neighborhood browser called Gnomba. More info on this tool can be found at: http://stute.jacobus.stevens-tech.edu/~gandalf/proj/gnomba/in dex.html Apparently it is a senior project at this university, and there are still a few bugs. I am still trying to determine whether it only browses a specific work group like the MS network neighborhood, or if it scans for _any_ workgroup exposed to the net. Guess this is why we block SMB at the firewall... I did get a couple reports from the list on other address ranges that were scanned, so this doesn't seem to be a local issue. Thanks for all your responses. Dan Lenhard System Admin [EMAIL PROTECTED] - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
