>external(possibly spoofed)host:53 -UDP-> localsystem:987 >external(possibly spoofed)host:53 -UDP-> localsystem:988 >external(possibly spoofed)host:53 -UDP-> localsystem:989 These are probably replies to queries from your own machines who are behind a NAT: http://www.robertgraham.com/pubs/firewall-seen.html#1.9 This is a PTR response to resolve the IP address of 192.168.200.82. Since this is a private address, it points to one machine behind your NAT resolving the IP address of another machine behind your NAT. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Feb 24 2002 - 20:54:22 PST