Can you post a sanitized dump of the scan? Are the source ports incrementing by one and scanning port 53? This is a common trait of BigIP it gathers RTT and other stats so that it can properly route you to the least loaded server via local load-balancing. The only concern I might have is the fact that IRC is reported as listening on port 6667. It could be a compromised host. BigIP uses a modified version of FreeBSD. I don't remember it using this port, but I could be wrong. R/ Richard Smith __________________________________________________ Do You Yahoo!? NEW from Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month. http://geocities.yahoo.com/ps/info1 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Oct 05 2001 - 09:51:11 PDT