Hi,
in fact, there is a page with a similar title:
FAQ: Firewall Forensics (What am I seeing?)
http://www.robertgraham.com/pubs/firewall-seen.html
hth,
dirk.
> -----Original Message-----
> From: Dave Horsfall [SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, November 07, 2000 8:07 AM
> To: Firewalls List
> Subject: Packets seen on a firewall [*]
>
> I assume that source port 0 is completely invalid? Or is this a grossly
> misconfigured system?
>
> Nov 5 09:35:48 denied tcp 200.202.210.125(0) -> xxx.xxx.xxx.149(110), 1
> packet
> Nov 5 09:35:48 denied tcp 200.202.210.125(0) -> xxx.xxx.xxx.49(110), 1
> packet
> Nov 5 09:35:48 denied tcp 200.202.210.125(0) -> xxx.xxx.xxx.47(110), 1
> packet
>
> (A whole bunch of these, sent to this class C, from some place in Brazil)
>
> [*] Sounds like a good title for a paper :-)
>
> -- Dave
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
