Since the "From" port is 25 (SMTP), this would appear to be a late response from a mailserver on the Internet that your mailserver was sending outbound mail to (anyone in your office send an email to someone at Randox Laboratories Limited?)
Randox Labs appears to be a supplier of forensic equipment and supplies, so it's probably not a case of someone installing software written by them that is trying to "phone home". In any event it would seem unlikely that this is a port scan as the destination port is way above the well known services, and a search for "12961" didn't turn up anything interesting in the way of network ports. Mike Burden Lynk Systems http://www.lynk.com (616)532-4985 [EMAIL PROTECTED] > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, April 10, 2002 8:11 AM > To: [EMAIL PROTECTED] > Subject: [gb-users] Filter Block > > > We have just moved our email onto the smtp proxy on the > GB1000. However I > have just received the following :- > > INTERFACE TYPE: External > ALARM TYPE: Block > IP PACKET: TCP > [194.203.33.66/25]-->[212.137.60.114/12961] l=0 f=0x14 > > from the gnatbox. Not wanting to panic unduly I thought I > would ask the > experts for enlightenment before I start to get complaints of missing > emails. > > rgds > > gmcb > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > To subscribe to the digest version first unsubscribe, then > e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > Archive of the last 1000 messages: > http://www.mail-archive.com/[email protected] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] To subscribe to the digest version first unsubscribe, then e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archive of the last 1000 messages: http://www.mail-archive.com/[email protected]
