Can you give me an idea of what's going on when external machines attempt
connections using seemingly random high tcp Service port numbers (in
typical cases: 47000+) with a Source Port of HTTP? This type of inbound
traffic is blocked but I'd like to know what's going on. An example site
doing this is www.cimedia.com but using 206.251.18.85 to come back to us.
Is this some type of attempted push using a reverse HTTP from their server
to our clients? If so, do our client browsers initiate this reverse traffic
in some way?
Are these sites just scanning to see if these machines will respond to
these high ports using a source port of 80? HTTP tunneling attempts?
Thanks for any help, Roger
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
