On Sun, 30 Sep 2001 13:35:14 +0300, Pekka Savola said: > - users running traceroute, on incomoing icmp time exceeded messages > triggering an icmp flood "detection" > - using a public ftp server, thus generating an ident query > - using an smtp server, -""- > - etc.
My personal pet peeve - getting complaints that one of my machines is scanning some user's machine with source port 123. Odd that the machine in question was the target of the CNAME 'ntp-2.vt.edu' ;) /Valdis
