RE: Unusual volume: UDP:137 probes

From: Mark Forsyth (forsythmat_private)
Date: Mon Sep 30 2002 - 06:09:38 PDT

    On Monday, September 30, 2002 10:05 PM, Brett Procter 
    [SMTP:Brett.Procterat_private] wrote:
    >
    >   Hmm,
    >
    >     Internode ADSL (Adelaide Aust)
    >
    >   15 hits yesterday, 38 so far today (22:04 GMT+10), 1 from local
    > network yesterday, 5 today.
    
    Yes. I'm starting to see iprimus, rivernet and tpgi as well as internode 
    since my last mail.
    
    It also seems that I may have lied when I said that the packets look like 
    normal packets. From my experimenting at home it looks to me like normal 
    packets have both the source and destination ports being 137 and don't 
    normally have the broadcast bit set. In my logs there are none of these 
    packets with a source port of 137 and the broadcast bit is always set. Most 
    source ports are between 1025 and 1036 with only a small percentage outside 
    this range.
    
    It also seems that the _rate_ at which I'm getting the hits is increasing 
    too.
    
    Interesting indeed. I wonder what it all means.
    
    Ooroo
    Mark Forsyth
    
    <snip>
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
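
The pattern described in the message above (destination port 137, source port other than 137, broadcast bit set) written as a log triage check. This is an added example, not part of the original post. It assumes each record is a (source port, destination port, UDP payload) tuple already extracted from a capture; the function names and sample datagrams are constructed for illustration, and the "typical" versus "probe-pattern" split reflects the poster's own observation rather than a protocol rule.

```python
import struct
from collections import Counter

NBNS_PORT = 137
B_FLAG = 0x0010  # broadcast bit of NM_FLAGS in the NBNS header flags word (RFC 1002)

def parse_nbns_header(payload):
    """Return (txn_id, flags, qdcount) from the 12-byte header, or None if truncated."""
    if len(payload) < 12:
        return None
    txn_id, flags, qdcount, _an, _ns, _ar = struct.unpack("!6H", payload[:12])
    return txn_id, flags, qdcount

def classify(src_port, dst_port, payload):
    """Label one UDP datagram using the pattern reported in the post."""
    if dst_port != NBNS_PORT:
        return "not-nbns"
    hdr = parse_nbns_header(payload)
    if hdr is None:
        return "malformed"
    broadcast = bool(hdr[1] & B_FLAG)
    if src_port == NBNS_PORT and not broadcast:
        return "typical"        # what the poster saw from hosts on his own network
    if src_port != NBNS_PORT and broadcast:
        return "probe-pattern"  # what the poster saw in his logs
    return "other"

def summarize(records):
    """Count labels over an iterable of (src_port, dst_port, payload) tuples."""
    return Counter(classify(*r) for r in records)

def make_query(txn_id, broadcast):
    """Constructed test input: a bare NBNS query header (RD set, one question)."""
    flags = 0x0100 | (B_FLAG if broadcast else 0)
    return struct.pack("!6H", txn_id, flags, 1, 0, 0, 0)

# Constructed sample records, not taken from any real log.
SAMPLES = [
    (137, 137, make_query(1, False)),
    (1027, 137, make_query(2, True)),
    (1033, 137, make_query(3, True)),
    (137, 137, make_query(4, True)),
    (1030, 137, b"\x00\x01"),         # too short to hold a header
    (1029, 53, make_query(5, True)),  # wrong destination port
]

if __name__ == "__main__":
    for label, count in summarize(SAMPLES).items():
        print(label, count)
```
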
    



    This archive was generated by hypermail 2b30 : Mon Sep 30 2002 - 14:01:04 PDT