For a few weeks now I have been dogged by an apparent scan of my network.
The scanning host keeps hitting UDP port 22 on all of my hosts in an
apparently random IP address order. The network admin of the originating
domain has attempted to block this traffic at his firewall but I keep
getting the scans of all hosts. Today I happened to be running ethereal
sniffer when another scan from the same host hit UDP port 5632 on all of my
hosts. The packets sent, minus all headers, are all just two bytes long and
identical.
While the traffic is slight I am intent on learning the source and method of
this activity. I am at a loss on where to proceed from here. Any ideas?
Joel
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
