Please correct me if Im wrong here: Windoz boxes both query AND Listen on UDP port 135,7,9, correct? What is everyone else doing (if anything) with scans (see below) with the source ports other_than the normal 135,7,9. Currently these are being treated as malicous, being logged and reported. Any suggestions? TIA! Marc... Ok, assume you have a log entry like: <snip> Deny inbound UDP from 216.0.131.5/782 to 172.16.100.101/137 <snip> <----sterilized for your protection, of course RFC1918 addresses arent routable no flames plz.... +++++++++++++++++++++++ Marc Renner - Director http://ci.marysville.wa.us Network Operations Dept. Mailto:[EMAIL PROTECTED] City of Marysville, Wa. (360) 651-5000 ISSA Member # 10281 http://www.issa.org +++++++++++++++++++++++ - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
