-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We are seeing a fair number of fragments hitting tcp/25 and tcp/24942 on external firewall interfaces (originating from the same source IP). Hits on tcp/25 are fairly obviously attempts to find a mail server, but I'm not familiar with tcp/24942, and a quick look at Google, CERT, and the Security Focus search page (including the mailing lists) came back with no hits for "24942". Does anyone have an idea about what activity this might represent? Regards m. Matthew Todd, Ph.D. Financial Engines, Inc. ph: 650.565.4932 fx: 650.565.4932 http://www.financialengines.com 58E5 4416 0EA7 075E FA3C 0B67 5064 9A9C 0593 6C72 -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 iQA/AwUBPnCzUFBkmpwFk2xyEQJd+wCfdum1wf6UdGL9NbkXNGN4dSFuw2QAn3pK 2J1YYJ7XsncL7DQuqyV5jImy =KluF -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- <Pre>Lose another weekend managing your IDS? Take back your personal time. 15-day free trial of StillSecure Border Guard.</Pre> <A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
This archive was generated by hypermail 2b30 : Thu Mar 13 2003 - 09:37:18 PST