nanog mailing list archives

Re: QAZ probes from webtv?

From: John Fraizer <nanog () EnterZone Net>
Date: Tue, 3 Oct 2000 21:52:27 -0400 (EDT)


On Tue, 3 Oct 2000, Sami Juvonen wrote:


Dan Hollis <goemon () sasami anime net> wrote on Sun, 1 Oct 2000 20:08:03 -0700
(PDT):

Anyone else seeing webtv probing your customers for QAZ?
The following webtv hosts seem to be probing our dialup customers port
tcp/7597:


WebTV Networks is not probing for QAZ. 

After reviewing the log files Dan Hollis provided, it appears that
these packets are normal TCP communication between a WebTV terminal
and the WebTV service. The client terminal initiates a connection,
picking a random source port. The service is trying to establish a
connection with the client using that port. This behavior is not 
limited to WebTV. It appears that the packet from the service was
caught in Dan's perimeter router ACL.

Please do not hesitate to contact us if you have any concerns about
WebTV and security or network interoperability issues. Please see
http://www.webtv.net/contact/contact.html for contact information.


Thank you,

Sami Juvonen, Systems Engineer, 
WebTV Networks, Operations Engineering



So, Dan's ACL was trapping any TCP traffic destined to 7597 and not just
TCP SYN?


---
John Fraizer
EnterZone, Inc

Current thread:

QAZ probes from webtv? Dan Hollis (Oct 01)
- <Possible follow-ups>
- Re: QAZ probes from webtv? Sami Juvonen (Oct 03)
  - Re: QAZ probes from webtv? John Fraizer (Oct 03)
- Re: QAZ probes from webtv? Dan Hollis (Oct 03)