I've seen an enormous number (> 50/day) of hits on my machine's firewall (not a public server of any type) against TCP 55317. Anybody know what this might be? I've been unsuccessful in my hunts for TCP 55317 on google and groups.google. The only thing that came up was a relatively obscure software program that seems to be an interface to the London stock exchange. Seems strange that someone might expect such a program to be running on a university computer. They all seemed to come from the same IANA reserved address (which I assume is spoofed) until today, when they started coming in from additional addresses. Source port was (and is) 53239 on the original attacking machine, but is also coming in from 1025 and 63021.
Any ideas?
Charley
--
Charles Hamilton, PhD EIT Faculty Fellow
Department of Civil and Phone: 949.824.3752
Environmental Engineering FAX: 949.824.2117
University of California, Irvine Email: [EMAIL PROTECTED]---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------
