John,

I've seen the same on my Win2K server, but when the floppy seek occurs I did not see any open connection to the outside. If I put a floppy in the drive it stops seeking it. So my guess is that Windows internally seeks the floppy for one reason or the other. I've searched the MS Knowledge Base on this but found no issues that are related to this behaviour. So I don't know what is causing the floppy drive to be seeked. Maybe someone else has the answer for that question?

Regards
Martijn.
C-it B.V.
www.c-it.nl

-----Original Message-----
From: John D from Best Price Cruises [mailto:[EMAIL PROTECTED]]
Sent: Tuesday 9 July 2002 23:28
To: Security-Basics Mail List
Subject: Strange Connections

Okay,

This is sort of a two part question:

1. A while ago, my Win2k server here at the office had its floppy drive crank up (like when you try and access the drive with no disk in it). There was nothing running that would have needed the floppy drive. Anyways, just because I was curious I ran netstat and saw a bunch of connections from prisoner.iana.org that I have never seen before. I did a search on Google and found only a few references to the address, most dealing with potential hackers using a spoofed IP (none of the people making the posts seemed very knowledgeable and they contained very little info). Anyone ever seen any abuse by this address, have any idea why it would connect to my server, or why the disk drive cranked up? (If I am just crazy, thinking that the prisoner.iana.org thing and the disk drive have anything to do with each other please feel free to smack me)...

2. I am running an SMC Barricade broadband router... does anyone know of any vulnerabilities that would allow an attacker to port scan through the router's firewall to the internal network? (possibly firewalk?) I can't seem to find any specific info for the SMC and the problem still exists (or so says snort) after upgrading the firmware.

Thanks in advance for the help guys,

John D
Best Price Cruises
