On Tue, 3 Oct 2000, Sami Juvonen wrote:
Dan Hollis <goemon@sasami.anime.net> wrote on Sun, 1 Oct 2000 20:08:03 -0700 (PDT):
Anyone else seeing webtv probing your customers for QAZ? The following webtv hosts seem to be probing our dialup customers port tcp/7597:
WebTV Networks is not probing for QAZ.
After reviewing the log files Dan Hollis provided, it appears that these packets are normal TCP communication between a WebTV terminal and the WebTV service. The client terminal initiates a connection, picking a random source port. The service is trying to establish a connection with the client using that port. This behavior is not limited to WebTV. It appears that the packet from the service was caught in Dan's perimeter router ACL.
Please do not hesitate to contact us if you have any concerns about WebTV and security or network interoperability issues. Please see http://www.webtv.net/contact/contact.html for contact information.
Thank you,
Sami Juvonen, Systems Engineer, WebTV Networks, Operations Engineering
So, Dan's ACL was trapping any TCP traffic destined to 7597 and not just TCP SYN? --- John Fraizer EnterZone, Inc