> I have been seeing syn packets from src 255.255.255.255:31337 to > random ip-numbers port 515 in our nets for months. Does anyone kow > what could cause this? We've also been seeing these with real IP src addresses, as well as 255.255.255.255. The best speculation I've heard is that it is an exploit scanning for LPR/LPRng holes, and the ones from the broadcast address are from unconfigured but live interfaces on (most likely) Linux boxes. -- Dan Riley dsrat_private Wilson Lab, Cornell University <URL:http://www.lns.cornell.edu/~dsr/> "History teaches us that days like this are best spent in bed" ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Jun 29 2001 - 11:18:43 PDT