Since the new year, I've seen a merked rise in denied packets heading to port 524. I understand that this is a standard Netware IP port of some kind. Does anyone know if there's a new scanner that includes this port? Or a possible malfunction in a well-known piece of software that could cause this behavior? I spoke with an admin whose ip I pulled out of my log, and he said the machine which had been trying to reach me had been a secretaries machine, and an unlikely source for an attack. I suggested there could be a trojan of some sort. He did let me know that he was running in a netware shop. Mark Felps Log Sample: 1/16/2001 12:36:02 PM:<162>%PIX-2-106001: Inbound TCP connection denied from 216.48.241.34/4806 to 10.100.1.10/524 flags SYN 1/16/2001 12:36:05 PM:<162>%PIX-2-106001: Inbound TCP connection denied from 216.48.241.34/4806 to 10.100.1.10/524 flags SYN 1/16/2001 12:36:11 PM:<162>%PIX-2-106001: Inbound TCP connection denied from 216.48.241.34/4806 to 10.100.1.10/524 flags SYN ****************************************************************** This email has been checked for viruses by CBS Payroll. ****************************************************************** - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
