Interesting. Some ISP's running DNS services might mark some domain names with an IP address of 127.0.0.1 to mitigate a Denial of service attack against the domains in question (Of course 127.0.0.1 addresses will be resolved back to the local computer).
I find it a bit odd that the destinations are internal network addresses (I assume internal machine IP address is a non-routable IP address on the internet?) I know when the blaster worm was circulating Sprint set some of their DNS servers to point windowsupdate.com at 127.0.0.1 . Just some ideas. On Thu, 2004-03-18 at 21:57, Shane&Lisa wrote: > Hi all, is any body else getting firewall logs yelling: > > 127.0.0.1 on port 80 (external) to <internal machine address> port < > unprivileged port # > (internal) > > over and over again? > > I'm just getting pounded with these... > > Ideas? > > Shane > > > _______________________________________________ > clug-talk mailing list > [EMAIL PROTECTED] > http://clug.ca/mailman/listinfo/clug-talk_clug.ca -- Mike Petch CApp::Sysware Consulting Ltd. Suite 1002,1140-15th Ave SW. Calgary, Alberta, Canada. T2R 1K6. (403)804-5700. _______________________________________________ clug-talk mailing list [EMAIL PROTECTED] http://clug.ca/mailman/listinfo/clug-talk_clug.ca
