I know some time ago M$ windows machines had some exploit on their NNTP service...
maybe that are trying to exploit it or just scan to exploit it... Maybe a good thing to get more info out of the packets then just examining the logs to try to find out what exactly goes wrong here... For all I know there aren't any lately know holes in *nix based NNTP (apart from the badly configured / administrated onces) Regards, Brenno > -----Original Message----- > From: Antti Tolamo [SMTP:[EMAIL PROTECTED]] > Sent: dinsdag 16 oktober 2001 19:36 > To: [EMAIL PROTECTED] > Subject: RE: Port 119 scans > > At 20:10 16.10.2001, Michael Erdely wrote: > >You aren't, by chance, on a cable modem network, are you? > > > >My @Home provider scans my firewall on port 119 (news) all the time. > > > >-ME > > > No, I have an ADLS connection. And sources are anyway from > places like Netherlands, China, Sweden etc. > > Change was bit sudden, and now those scans keep coming > all a time. I have about 9 months firewall log scans archived, and I > really > started to get them only at beginning of 7th of August until this date. > > Before that, last date is from February. But that is not only odd > thing I've experienced. > > > > > Antti > > > > > > > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > http://lists.gnac.net/mailman/listinfo/firewalls _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
