[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] UDP port 1101 and 1109?
Hi Firewallers, I had a little 'incident' last nite. Some AT&T Global dialup customer with apparently nothing better to do but sit and monitor his Blackice (or whatever) logs called, wrote, paged and spammed everyone here because he claimed we were 'port-scanning' his machine. A portion of his logs that he sent follows: FWIN,2000/09/06,18:28:18 -8:00 GMT,208.x.x.x:44224,32.102.x.x:1101,UDP FWIN,2000/09/06,18:28:18 -8:00 GMT,208.x.x.x:44227,32.102.x.x:1109,UDP FWIN,2000/09/06,18:29:18 -8:00 GMT,208.x.x.x:44232,32.102.x.x:1101,UDP FWIN,2000/09/06,18:29:18 -8:00 GMT,208.x.x.x:44235,32.102.x.x:1109,UDP FWIN,2000/09/06,18:30:20 -8:00 GMT,208.x.x.x:44237,32.102.x.x:1101,UDP It appears that our FW module (208.x.x.x) was repeatedly trying to connect to his UDP port 1101 and 1109 for a period of about 18 minutes. My logs show nothing for this period. Any of you bright sparks have a guess as to what this might have been? UDP 1101 is apparently pt2-discover (registered by siemens.de), but apart from that I have no clue on this one. Any takers? Thanks, Ian ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|