--Im using blackice server agent on my iis5 box-- Ive noticed that the ISAPI overflow attempts are being followed by (within a minute) a udp port probe to ports 1094,1028, or 1143 (perhaps dynamicaly changing). Ive detected 4 of these for 4 scans since 11:30am CST. The udp probe is usually a ten count. Anyone else seen this? John Note: I do have Ip filtering enabled and blocking all but tcp 21,80,137-139. Same blocks apply on blackice. ------------------------------------ John Thompson Network Administrator Dept. of Biochemistry University of Iowa ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Aug 01 2001 - 10:39:58 PDT