what is this probe??
E Frank Ball III
frankb at efball.com
Thu Jul 6 15:02:10 PDT 2000
I got this probe today. It is a ICMP connection to port 13?
Anybody know what they were trying to do? I've only seen ICMP
connections to port 0 before.
Security Violations
=-=-=-=-=-=-=-=-=-=
Jul 6 13:43:15 zouave kernel: Packet log: input DENY eth0 PROTO=1
172.31.105.12:3 209.204.172.XXX:13 L=56 S=0x00 I=54743 F=0x0000 T=48 (#3)
Also the source address is a private network address, the firewall rule
that caught it was a one I put in for IP address spoofing.
E Frank Ball frankb at efball.com
work: (707) 794-4168 home: (707) 538-3693
More information about the talk
mailing list