Hi to all, Beginning from 6th of March until today, I' ve been continously observing a very strange and presumably dangerous probe (possibly caused by a new trojan or trojan-like tool) in my Firewall logs. The source IP is different real-world IP' s, the destination IP is always my FW' s outer interface IP, and the service port is tcp 3139. However, it' s s.thing like a "masked" action. Because, when I analyse the logs in detail, Xlate Dest IP' s are any of our DMZ IP' s (random), and the Xlate Destin Port is, tcp 80 - http !!! Has anyone faced this similar oddity? I' ve searched all the sec. sites, news, but nope!!! Thanks in advance... ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Mar 15 2002 - 12:10:33 PST