I wish to thank every one who provided information and suggested steps to me. As I stated in the original e-mail message, I was interested in finding out what the systems were looking for since the scans were being stopped at the perimeter. The organization that originally brought the information to my attention believes the following is the source of these scans. There's a P2P utility called EDonkey that uses UDP 466x and allows any edonkey user to publish an IP and port of a peer. Apparently, someone mistyped an IP address; hence the scans. Again thanks to everyone for their assistance. Ken Grossman, CISSP kgrossmanat_private (202) 401-7142 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Aug 06 2002 - 09:01:10 PDT