Anyone have any ideas on this one? Is this a true smurf or a false positive?

My RS engine keeps flagging smurf attempts but I can't seem to corroborate it. I have traced the target IPs on my networks to 2 machines used by our co-ops. I have tried using a sniffer several times to see what's happening, but I can never seem to catch a suspected smurf in progress. The only thing I can tell they're doing is using AOL Instant Messenger.

1) Does IM use ICMP?
2) Do IM chat messages travel from client to client, or do they go through a central server?
3) Is there a way for a client to find the IP address of another client in order to smurf them?

The other possibility is that they have unknowingly installed some trojaned software. But I never see outbound ICMPs, only inbound. Also, all source addresses for the smurfs appear to be ISP or university dial or DHCP hosts.

Any help would be greatly appreciated...

Thanks,
Tim

Tim A. Irwin
Manager - SVT Lab
Advanced Networking Division
BellSouth Telecommunications
Phone: (205) 982-9715
E-mail: [EMAIL PROTECTED]
