Hi,
I have this weird problem and cannot figure out what might be causing
it. Among the everyday port/ip scans, I recently got a few weird lines
on our fw-1:
drop fw1 >le0 proto tcp src 213.61.112.165 dst fw1 service 19000
s_port ftp-data len 40 rule 18
drop fw1 >le0 proto tcp src 213.61.112.165 dst www service 19000
s_port ftp-data len 40 rule 18
drop fw1 >le0 proto tcp src 213.61.112.165 dst 255.255.255.255
service 19000 s_port ftp-data len 40 rule 18
Well, the first two are easy (someone is trying to check if I allow
incoming ftp-data through some "non-stateful" packet filter); the third
one I cannot understand. My external router drops source routed ip
packets, so how could this packet get here? There are no other systems
on this VLAN and on previous scans, the src addr was different.
Thanks
--
Rui Pedro Bernardino / Av. Miguel Bombarda, 4, 8o / 1049-058 Lisboa /
Portugal
Try to get all of your posthumous medals in advance.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
