Yesterday I replaced the black box firewall my ISP provided with an FW-1 box. I'm in the process of refining the rule sets so I've been pouring over the logs. One mystery I found was outbound connections from my Exchange server to IP addresses registered to the University of Southern California. They are UDP packets to ports 1032, 1033 and 1059. The source port is increments ala portmapper. I captured a few of the packets and they seem rather harmless -- 8 bytes of data that is repeated in each packet to each destination, the packets are sent every 3-6 minutes and the contents do not change. I've already blocked them but anyone have any ideas what these might be or what process might be generating them? I haven't gone through my Exchange box yet, that's next on the list. Bill Stackpole, CISSP Olympic Resource Management, Voice/Data Manager P.O. Box 1780, Poulsbo, WA 98370 Phone (360) 697-6626 x601 Fax (360) 697-7519 "Simplify. There is no value in complexity, it is too difficult to manage." - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
