Ward, This port's on the radar screen but at a very low level:
http://isc.incidents.org/port_details.html?port=901 (Select the % plot and you'll see a small spike last December) Are you perhaps using a dynamic IP address? If so, perhaps a recent user of the same address had a SWAT interface set up that other computer systems were accessing. Regards, Mike Kllinke On Saturday 15 February 2003 13:51, Ward William E DLDN wrote: > Well, actually, I'm NOT using SWAT; I don't use SAMBA > either, so there's no need for SWAT. I know what SWAT > is, though, and my firewall suddenly started reporting > hits on port 901 (SWAT) yesterday; I've checked, and I've > NEVER had hits on 901 before (though the firewall hasn't > changed), yet yesteday, they were coming from all over. > > So, I'm wondering if there's a new SWAT exploit? I > know a lot of folks around here use SAMBA, so I figure > a few also use SWAT, so they would need to be aware > of it, as well. > > Heh, here's more fuel for that debate the other > day over "To firewall, or not to firewall"; I wouldn't > have caught this on the server (I don't log rejected > or ignored ports on that machine) but I do on the > firewall. > -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
