"Bobby, Paul" wrote: > I've been seeing quite a few packets that originate from the Internet on > port 23. The traffic is always destined to port 3072 on my boxes in my dmz. > > I have only seen 30-35 such packets in the last month, and unfortunately > have not yet caught them on my sniffer, although they have registered in my > router and firewall logs. > > What is interesting is that the destination IP of all these packets do not > exist; yes they belong to me, but there are no physical devices with these > IP addresses. > > Anyone seen anything like it? > > ----------------- > Paul Bobby > <dream> Got Root? </dream> Yes, it is most likely a synflood against the people that appear to be sending the traffic. If you were able to capture the packet date, you would see syn-acks. -- Jason Potopa Lead Internet Security Engineer, Qwest Communications jpotopaat_private
This archive was generated by hypermail 2b30 : Fri Apr 27 2001 - 08:22:03 PDT