Any ideas what this might be?
206.249.128.119(2986) -> 204.247.159.244(110), 1 packet
Apr 20 13:18:28 gate247158.connectix.com 6804: %SEC-6-IPACCESSLOGP: list 190
denied tcp 206.249.128.119(4414) -> 204.247.159.244(110), 1 packet
Apr 20 13:22:37 gate247158.connectix.com 6805: %SEC-6-IPACCESSLOGP: list 190
denied tcp 206.249.128.119(1720) -> 204.247.159.244(110), 1 packet
Apr 20 13:23:49 gate247158.connectix.com 6806: %SEC-6-IPACCESSLOGP: list 190
denied tcp 206.249.128.119(4414) -> 204.247.159.244(110), 93 packets
Apr 20 13:27:49 gate247158.connectix.com 6807: %SEC-6-IPACCESSLOGP: list 190
denied tcp 206.249.128.119(1720) -> 204.247.159.244(110), 148 packets
Apr 20 13:33:49 gate247158.connectix.com 6808: %SEC-6-IPACCESSLOGP: list 190
denied tcp 206.249.128.119(1720) -> 204.247.159.244(110), 139 packets
First, there is no POP server on this machine, it looks to me like a shot in
the dark. This is our web server, so it is our most visible host on the
internet, and I get alot of weird connection attempts to it. This is the
only re-occuring pattern that I see on a weekly basis. It's always the same;
one or two packets to port 110, then a a couple batches of 100+ to the same
port, then I guess they give up. It is usually from a host in another
country (Malaysia or Italy), and there is no reason for any of our employees
to be at these sites.
Weird!
Robert Sansom
Net Admin
Connectix Corp.
sansom @
connectix .
com
(415) 638-7398
Follow-Ups:
|
|
