We've identified several of the sources of these packets as either BIG-IP's or 3-DNS's. None of them actually have port 6667 open, so that looks like an artifact of some device between the host your ran nmap upon and the destination hosts. Two of them are 3-DNS's operated by realmedia.com (3dns.east.realmedia.com and 3dns.west.realmedia.com) and several of the others are probably BIG-IP's operated by them as well. It looks like they've modified the 3-DNS Round Trip Time probe settings to do five probes at a time, which some may consider excessive. I've forwarded this information to our Support group to see if we can help them configure their 3-DNS's to be a little less noisy. If you find these probes obnoxious, you can contact them and ask them to add you to their 3-DNS do-not-probe list. One thing you should understand is that these probes are prompted by a DNS request from your site and result in you getting better service from their sites. Once you are on the do-not-probe list, you will most likely get poorer service from them. JMH Seth Milder wrote: > > BTW, I could not telnet to port 6667 FWIW. > > Here is some of it: > > Oct 4 19:25:41 physics kernel: Packet log: input DENY eth0 PROTO=17 61.134.9.133:26983 x.x.x.x:53 L=72 S=0x00 I=2 F=0x0000 T=48 (#47) > Oct 4 19:25:41 physics kernel: Packet log: input DENY eth0 PROTO=17 61.134.9.133:26983 x.x.x.x:53 L=72 S=0x00 I=3 F=0x0000 T=48 (#47) ... > Oct 4 19:25:42 physics kernel: Packet log: input DENY eth0 PROTO=17 61.180.7.130:30022 x.x.x.x:53 L=72 S=0x00 I=1 F=0x0000 T=47 (#47) > Oct 4 19:25:42 physics kernel: Packet log: input DENY eth0 PROTO=17 61.180.7.130:30022 x.x.x.x:53 L=72 S=0x00 I=2 F=0x0000 T=47 (#47) > Oct 4 19:25:42 physics kernel: Packet log: input DENY eth0 PROTO=17 61.180.7.130:30022 x.x.x.x:53 L=72 S=0x00 I=3 F=0x0000 T=47 (#47) > Oct 4 19:25:42 physics kernel: Packet log: input DENY eth0 PROTO=17 61.180.7.130:30022 x.x.x.x:53 L=72 S=0x00 I=4 F=0x0000 T=47 (#47) > Oct 4 19:25:42 physics kernel: Packet log: input DENY eth0 PROTO=17 61.180.7.130:30022 x.x.x.x:53 L=72 S=0x00 I=5 F=0x0000 T=47 (#47) > Oct 4 19:25:43 physics kernel: Packet log: input DENY eth0 PROTO=17 61.163.241.2:36633 x.x.x.x:53 L=72 S=0x00 I=1 F=0x0000 T=50 (#47) > Oct 4 19:25:43 physics kernel: Packet log: input DENY eth0 PROTO=17 61.163.241.2:36633 x.x.x.x:53 L=72 S=0x00 I=2 F=0x0000 T=50 (#47) ... > -- > Seth Milder > Deptartment of Physics and Astronomy > MS 3f3 > George Mason University > Fairfax, VA ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Oct 08 2001 - 14:41:18 PDT