[OpenAFS] Strange logs from a Windows Client

Steve Simmons scs@umich.edu
Thu, 17 Mar 2011 17:39:38 -0400


On Mar 17, 2011, at 5:16 PM, Russ Allbery wrote:

>> We have occasionally seen these. Other folks here tell me it's =
usually
>> due to low-quality hacking tools doing UDP-based probes. When they
>> happen here, the source address is always from various places
>> off-campus.
>=20
> That was my first thought as well, but it's a fairly huge coincidence =
for
> a generic hacking tool to connect to port 7000 from source port 7001.

Yah, that does look odd. Unfortunately all our old instances of it have =
expired from my email trash. Next time it occurs I'll see if ours are =
like that.=