Jim Watt wrote:
> On Tue, 2 Oct 2001, Ron DuFresne wrote:
>
> }
> } I suspect this has nothing at all to do with nimda, and has all to do with
> } someone trying to tunnel IPX through yer firewall, unless there is a new
> } nimda variant and there has been no news of that. What seems to place the
> } icing on the cake, is the netware client on the machines in question.
> } That and the fact that 524 is NOT a standard known TCP/IP port.
> }
> } Thanks,
> }
> } Ron DuFresne
> }
>
> See...
>
> http://www.novell.com/coolsolutions/netware/features/a_ports_nw5_nw.html
>
> It's listed as "ncp" in some systems' /etc/services, probably for "Netware
> Core Protocol".
>
> Jim
>
That is correct. Netware clients >=v4.8 will automatically connect to Netware
servers >=v5.0 on TCP port 524.
If it is IPX tunnel related, then 28 non-mnscu.edu IP addresses are currently
trying to tunnel through our firewalls.
Hmmm...
I'm still betting that this is nimda on desktops with Netware Clients. We
de-wormed a couple of desktops yesterday & they stopped scanning us.
--
-----------------------------------------
Michael Janke
Minnesota State Colleges and Universities
Saint Paul MN 55108
--------From real Server 7.0 startup------
Starting RealServer 7.0 Core...
Loading RealServer License Files...
Detecting Number of CPUs...
Testing 1 CPU(s): 1 CPU Detected, Phew...
-----------------------------------------
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
