Another thing to keep in mind is load balancers life F5's BigIP... when used inconjunction with 3DNS, these devices will test connectivity back to clients to try and determine load balancing algorithms for geographically distributed load balancing. - Herman On Thu, 14 Sep 2000, j a s o n wrote: ->>Oliver Hofmann wrote: ->>> ->>> X-Priority: 3 (Normal) ->>> X-Authenticated-Sender: #0000558616@gmx.net ->>> X-Authenticated-IP: [134.95.151.83] ->>> Message-ID: <17912.968921288@www15.gmx.net> ->>> X-Mailer: WWW-Mail 1.5 (Global Message Exchange) ->>> X-Flags: 0001 ->>> Content-Type: text/plain; charset="us-ascii" ->>> Content-Transfer-Encoding: 7bit ->>> ->>> Hello everyone! ->>> ->>> Been using Google for quite a while now, usually not from a static IP ->>> though. Recently I noticed the following log entries showing up frequently ->>> while I was not browsing their site: ->>> ->>> Sep 12 15:21:40 oho snort[1345]: spp_portscan: PORTSCAN DETECTED from ->>> 64.209.200.100 ->>> Sep 12 15:21:46 oho snort[1345]: spp_portscan: portscan status from ->>> 64.209.200.100: 1 connections across 1 hosts: TCP(1), UDP(0) STEALTH ->>> Sep 12 15:21:52 oho snort[1345]: spp_portscan: End of portscan from ->>> 64.209.200.100 ->>> ->>> While I am aware that they are not doing a portscan I'm curious ->>> nevertheless. Any idea what this might be about? ->>> ->>> ->>> Many thanks in advance, ->>> ->>> Oliver ->> ->> ->>It would be a safe guess that who ever is port scanning you is ->>spoofing google's IP. ->>This is not uncommon in the world of port scanning. Take nmap ->>for instance, it gives you an option to use a decoy address ->>when scanning a host. ->>jason ->> ->>--------------------------------------------------------------------- ->>To unsubscribe, e-mail: suse-security-unsubscribe@suse.com ->>For additional commands, e-mail: suse-security-help@suse.com ->>