I'm having the exact same issue. My management box is Win2000, but it is patched. I've run stinger and it finds nothing. My logs show exactly what you are describing. It is troubling because I can't figure what is wrong.
David -----Original Message----- From: Hal Dorsman [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 02, 2003 6:00 PM To: [EMAIL PROTECTED] Subject: Re: [FW-1] log entry: source localhost Blaster? Must be a variant I have not seen. I thought Blaster was a RPC exploit. I am confused why it shows source as localhost. I am not turning up anything with any searches. You have any links? thanks, Hal > > Recently I've been seeing log entrys on my NG3 box > > show up on my external interface with a source of > > "localhost". A snoop shows source port 80 to various > > IPs and ports in the 1000-2000 range. They are being > > dropped by rule 0, but I do not recall ever seeing this > > behavior before. Is this a spoof attempt? > > No. It's Blaster. > -- > Crist J. Clark > [EMAIL PROTECTED] > Globalstar Communications > (408) 933-4387 > > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
