I answered on Friday, but it looks like my response never got through, so I'll try again:
The traffic is coming *FROM* port 110, not *TO* port 110. This means that the POP server is on the Internet, not a host on the Internet trying to contact a POP server on your network. What this most likely means is that someone on your network is retrieving email from an email server outside of your network, such as Yahoo, Hotmail, or somesuch. When the server on the Internet is overloaded, or when there is network congestion between your network and the server, then some network packets come back after the GNAT Box has stopped expecting them. The GNAT Box then treats these as an attempt at an unsolicited inbound connection, and generates alarm messages. Mike Burden Lynk Systems http://www.lynk.com (616)532-4985 [EMAIL PROTECTED] > -----Original Message----- > From: Marc Suxdorf [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, October 09, 2001 3:13 AM > To: '[EMAIL PROTECTED]' > Subject: RE: Filter question > > > --------------------- Attention ----------------------------- > A digest version of this list is now available. > Send email to [EMAIL PROTECTED], with the following message: > subscribe gb-users-digest your_email_address > Then unsubscribe from this list. > ------------------------------------------------------------- > GNAT Box User Forum http://www.gnatbox.com/cgi-bin/Ultimate.cgi > Send postings to: [EMAIL PROTECTED] > Access the list archives at: http://www.gnatbox.com/gb-users/ > ------------------------------------------------------------- > Hi again > > I know, I am not a pro and maybe I should know this<g>. But > still, maybe > someone could just quickly let me know whether I am paranoid or not > (referred to my post below....). > > Thanks a lot! > > Marc > > > -----Urspr�ngliche Nachricht----- > Von: Marc Suxdorf [mailto:[EMAIL PROTECTED]] > Gesendet: Freitag, 5. Oktober 2001 09:40 > An: '[EMAIL PROTECTED]' > Betreff: Filter question > > --------------------- Attention ----------------------------- > A digest version of this list is now available. > Send email to [EMAIL PROTECTED], with the following message: > subscribe gb-users-digest your_email_address Then unsubscribe > from this > list. > ------------------------------------------------------------- > GNAT Box User Forum http://www.gnatbox.com/cgi-bin/Ultimate.cgi > Send postings to: [EMAIL PROTECTED] > Access the list archives at: http://www.gnatbox.com/gb-users/ > > > ------------------------------------------------------------- > Hi everyone > I get a lot of access attempts from ports 110 to very high > ports on my two > public IP addresses. I don't have a POP3 server running on > the gnat box, nor > do I have inbound filters configured for port 110. Could it > be that trojans > or hackers use 110 as their destination port in order to camouflage > something? > Thanks for any help > Marc > 04-10-2001 16:22:09 Local1.Warning 10.0.0.23 Oct 4 16:26:05 > FILTER: Remote > access filter blocks: TCP ep0 > [172.26.140.8/110]->[XXX.XXX.XXX.XXX/22453] > l=0 f=0x4. > > ---------------------------------------------- > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe gb-users your_email_address > in the body of the message > > > ---------------------------------------------- > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe gb-users your_email_address > in the body of the message >
