it is spoofed most likely, and it is targeting lpd on unix hosts within your
networks. from time to time there have been bugs with lpd, so possibly
they are looking for a way to get elevated privs by exploiting the printer
daemon. the interesting thing is the src port (31337). this obviously is a
malicious tcp attempt.
i would say you are right, it's some kiddie-ware.
--truman
On Fri, 1 Jun 2001, Dave Horsfall wrote:
> I've been seeing a few of these lately, all sent to different addresses:
>
> May 31 10:30:10 denied tcp 255.255.255.255(31337) -> xxx.xxx.xxx.106(515), 1 packet
>
> Is this some weird stealth probe, causing reject packets to be broadcasted
> back (which they aren't, BTW), or just broken kiddie-ware?
>
> --
> Dave Horsfall CL VK2KFU [EMAIL PROTECTED] Ph: +61 2 9906 3377 Fx: * 9906 3468
> (Unix Guru) Pacific ESI, Unit 22, 8 Campbell St, Artarmon, NSW 2065, Australia
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
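The observation in this thread, that a source address of 255.255.255.255 cannot be genuine, can be checked mechanically across firewall logs. The sketch below is an added example, not part of the original posts: the log format is taken from the quoted line, while the function names and every sample line except the first are constructed.

```python
import ipaddress
import re

# Matches the denied-packet format quoted in the thread; the destination
# may be partly redacted with "x", as it is there.
LINE_RE = re.compile(
    r"denied (\w+) ([\d.]+)\((\d+)\) -> ([\dx.]+)\((\d+)\)"
)

def impossible_source(addr):
    """Return why addr cannot be a genuine source on a routed packet, or None."""
    try:
        ip = ipaddress.IPv4Address(addr)
    except ValueError:
        return "malformed"
    if int(ip) == 0xFFFFFFFF:
        return "limited broadcast"
    if ip.is_multicast:
        return "multicast"
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:
        return "unspecified"
    return None

def flag_spoofed(lines):
    """Return (src, sport, dst, dport, reason) for each line with a bogus source."""
    hits = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        _proto, src, sport, dst, dport = m.groups()
        reason = impossible_source(src)
        if reason:
            hits.append((src, int(sport), dst, int(dport), reason))
    return hits

# First line is the one quoted in the thread; the rest are constructed
# samples using documentation address ranges.
SAMPLE = [
    "May 31 10:30:10 denied tcp 255.255.255.255(31337) -> xxx.xxx.xxx.106(515), 1 packet",
    "May 31 10:31:02 denied tcp 198.51.100.7(40112) -> 192.0.2.10(515), 1 packet",
    "May 31 10:32:45 denied tcp 224.0.0.5(31337) -> 192.0.2.11(515), 1 packet",
    "May 31 10:33:00 denied udp 127.0.0.1(53) -> 192.0.2.12(53), 2 packets",
]

if __name__ == "__main__":
    for hit in flag_spoofed(SAMPLE):
        print("%s(%d) -> %s(%d): %s source" % hit)
```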