Blaster? Must be a variant I have not seen. I thought Blaster was a RPC exploit. I am confused why it shows source as localhost. I am not turning up anything with any searches. You have any links?
thanks, Hal > > Recently I've been seeing log entrys on my NG3 box > > show up on my external interface with a source of > > "localhost". A snoop shows source port 80 to various > > IPs and ports in the 1000-2000 range. They are being > > dropped by rule 0, but I do not recall ever seeing this > > behavior before. Is this a spoof attempt? > > No. It's Blaster. > -- > Crist J. Clark > [EMAIL PROTECTED] > Globalstar Communications > (408) 933-4387 > > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
