Underway. I don't currently have a sniffer loaded on the firewall, but plan
on installing ipgrab & tcpdump this weekend, if all goes well. I have
pinged & tracerouted some of the sources... they *weren't * equal hops away.
I'm sure others on the list have spent more time seeking out the sources
than I have, and may have some additional comments. Whatever it's all
about, there appears to be no compromise of my systems, simply nuisance...
so I haven't aimed all the guns at it. I just like to keep abreast of what
*they* are up to now <g>.
--Bill
----- Original Message -----
From: Randall, Mark <[EMAIL PROTECTED]>
To: Bill Fox <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, October 07, 1999 11:57 PM
Subject: RE: Squid probes ?
Are you running a sniffer, or using some other method to examine the packets
themselves?
I would check the variations in source IP with the TTL value. All those
different sources are very unlikely to be the exact same number of hops
away.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
