Thanks for the comments.

In actual fact we did do a portscan and found several ports vulnerable. These were identdresp, bindvrs; all others were OK. (We used ISS portscan tools.) (Should be OK.) What we also did was sniff the net with a scope and capture some traces. Each time we managed to get almost the start of the conversation and then we lost the initiating packet. The worry here is that the Trin00 daemon can be activated via ICMP as well, which makes it even more frustrating as there are tonnes of the packets floating at any one time within the network. ARPs, ICMP redirect and SNMP all require ICMP for route determination.

The likelihood of a sniffer program on our Ethernet is minimal as it is colocated and locked up to anybody but us. We have checked this and it is impossible.

The bind version we are running is the latest patch from Cobalt: RaQ3-All-Security-4.0.2-9353.pkg. If this is incorrect then Cobalt have something to answer for!

Anyway, it seems my only recourse is a rebuild. This will take me a while.

So a question to and for the learned of us: how do I turn off directed broadcasts on my Bay Networks ARN router to minimise the UDP traffic being generated by the Cobalt? I have looked at blocking ports 27444 and 27454 (slave/master ports) via filters on the router, but is there more?

Regards
KEN
____________________________________________________________________
Kenedi Celik
Email: [EMAIL PROTECTED]
Mob: 04 12 980 980

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
