John Hall wrote: > We've identified several of the sources of these packets as either > BIG-IP's or 3-DNS's. None of them actually have port 6667 open, so > that looks like an artifact of some device between the host your ran > nmap upon and the destination hosts. Two of them are 3-DNS's operated > by realmedia.com (3dns.east.realmedia.com and 3dns.west.realmedia.com) > and several of the others are probably BIG-IP's operated by them as > well. It looks like they've modified the 3-DNS Round Trip Time probe > settings to do five probes at a time, which some may consider excessive. > > I've forwarded this information to our Support group to see if we can > help them configure their 3-DNS's to be a little less noisy. If you > find these probes obnoxious, you can contact them and ask them to add > you to their 3-DNS do-not-probe list. One thing you should understand > is that these probes are prompted by a DNS request from your site and > result in you getting better service from their sites. Once you are > on the do-not-probe list, you will most likely get poorer service from > them. > > JMH > Thanks a lot. If they are not malicious, then it is not such a big deal and I will not pursue it. I've just never seen anything like this and I was just curious to find out what it was. Thanks to the people on this great list, I have my answer. Thanks again. -- Seth Milder Deptartment of Physics and Astronomy MS 3f3 George Mason University Fairfax, VA -- Confidence is simply that quiet, assured feeling you have before you fall flat on your face. -- Dr. L. Binder ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Oct 09 2001 - 08:21:22 PDT