[Dshield] Increase in probes *from* port 80, to random ports

Stephane Grobety security at admin.fulgan.com
Mon Jun 17 14:44:51 GMT 2002


You are probably just seeing the result of an improper firewall/nat
configuration: response paquet that are marked as "bas" because the
client query that initiated them has been "forgotten" by the stateful
inspector or by the NAT: Since it doesn't remember a connection from
inside with these parameters, it's tagging the packets as bad and
dropping them.

If you think this is not the case, then please do give more
information about your setup: are you a single user or a net admin ?
What kind of software are you using: a firewall (gateway or personal),
some form of ACL, a NAT device ? Please incluse sample log (obfuscate
the IPs if you want)

Good luck,
Stephane
-- 
Best regards,
 Stephane                            mailto:security at admin.fulgan.com




More information about the list mailing list