Dennis Glatting wrote: > I was looking through my firewall logs and found this gem: > > Oct 17 03:43:33 btw /kernel: Oct 17 03:41:34 btw /kernel: > ipfw: 7800 Unreach TCP 12.1.224.109:80 206.129.5.146:1115 > in via xl1 >
I haven't used ipfw in a while; I assume this means that the source of the packet was the 12 address and the destination was your printer, and it came from outside your firewall, right? If this is the case, there is a much simpler explanation: someone is attacking the web server at 12.1.224.109 using fake IP addresses; the server is responding to the source address of the packet, and you catch it. /ji -- /\ ASCII ribbon | John "JI" Ioannidis * Secure Systems Research Department \/ campaign | AT&T Labs - Research * Florham Park, NJ 07932 * USA /\ against | "Intellectuals trying to out-intellectual / \ HTML email. | other intellectuals" (Fritz the Cat) --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
