Firewalls: Internic Port Scanning

Firewalls
(November 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Internic Port Scanning
From:	cjolley @ iac . net
Date:	Thu, 09 Nov 95 12:11:54 -0500
To:	firewalls @ greatcircle . com

Recently one of my co-workers sent an e-mail to hostmaster @
 internic .
 net .
 
The message was not delivered immediately and is still waiting at the
firewall for retry (i.e. every four hours for 5 days). However very
shortly after the attempt to send this message, our firewall began
seeing attempts to connect to high _TCP_ (not UDP) port numbers. The
IP address appears to be that of the InterNic. Does anyone know what's
going on? Is this the InterNic trying to validate the e-mail as coming
from my site or might this be someone spoofing the InterNic address
while trying to do some port scanning? 

**** cjolley @
 iac .
 net <Carl Jolley>
**** All opinions are my own and not necessarily those of my employer ****

Follow-Ups:

Re: Internic Port Scanning
From: Shaw Innes <mcleod @ odyssey . com . au>

Indexed By Date	Previous:	Re: Restricting URL's From: "Edward J.M. Carley Jr." <ejc @ gumby . bridgewater . ne . hcc . com>
Indexed By Date	Next:	CID spoofing From: Brain21 <brain21 @ montag33 . residence . gatech . edu>
Indexed By Thread	Previous:	Re: FireWall-1 licensing From: george rossi <george @ phm . gov . au>
Indexed By Thread	Next:	Re: Internic Port Scanning From: Shaw Innes <mcleod @ odyssey . com . au>