Rick, Please dont post in HTML. > I figure they must be using one of those new port scanners > (not new just popular now) that can scan through port sentry > does 1/2 completed requests, from what I understand - not > enough to trigger port sentry but enough to get the info it needs. most portscanners have been sending SYN and FIN packets for ages. These do however trigger portsentry. The way you get round portsentry is to scan really really slowly and using lots of different hosts. There are popular scanners availiable that do this atm (www.insecure.org/nmap) I suspect they did a standard scan across thier LAN on the relevant port and because portsentry effectivly listens on all ports it picked it up. This is the way the advanced stealth works, and its really too high a setting for most uses. The best way to avoid being a target for crackers is to not stand out, dont make your machine appear different, but i've explained this before. -- /\/\ a R ( _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
