Check this link.
http://www.zdii.com/industry_list.asp?mode=news&doc_id=ZD5083014
The port scanning source is called the Cheese Worm. It searches for Linux
boxes compromised by the 1i0n worm and closes the security breach then
searches for more compromised systems.
Jerry Bryant
Director Computer Networks
Ozarks Technical Community College
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Ivan
More
Sent: Wednesday, May 16, 2001 5:49 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: [FW1] port 10008
Hi all you Gurus,
I have seen quite a number of drop packets using port
10008 in the FW-1 log. Some of these packets are
coming from unknown IPs when I do NSlookup.
The logs look like this
service source Destination
10008 211.168.167.199 255.255.255.255
10008 193.233.83.66 255.255.255.255
Anyone got an explaination?
Cheers,
I. More
_______________________________________________________
Do You Yahoo!?
Get your free @yahoo.ca address at http://mail.yahoo.ca
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
