Joe, A couple of questions... > Between 17:09 and 17:25 (MST) our firewall recorded > an unusual spike in attempted connections on port > 4927 (i.e., we've never recorded any traffic to this > port before; to see seven different hosts connecting > to it in such a short period is for us, well, > unusual). You say your firewall recorded these packets, and then you said that 7 different remote hosts "connected" to the port. Is this, in fact, the case? Or did your firewall "block" these packets? It looks like your firewall did block the packets (based on the log excerpts you sent). Since these packets seem to have been blocked, the question then becomes...so what? You'll have to go ask the people who scanned you.... __________________________________________________ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Jun 20 2002 - 13:32:44 PDT