> Aug 23 07:34:02 router 548124: Aug 23 07:37:06 MEST: > %SEC-6-IPACCESSLOGP: list 103 denied tcp > 210.117.126.206(15000) -> xx.xx.1.1(15000), 1 packet Port 15000 is used as a default for Borland/Visibroker's Gatekeeper product. It allows CORBA applications to multiplex through a single firewall port. Since your curious visitor used port 15000 as a source and a destination, it looks as though they might have been trying to bypass restrictions by using a port that might be let through. 80 would be a better choice, though. Who runs Gatekeeper, anyway? <g> On your question about hosts scanned: Can you see any relation between the numbers scanned and your actual network? i.e. did they have some pre-knowledge of what to poke for? -David ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Aug 23 2002 - 12:54:59 PDT