I have also noticed this packages. It started here at the end of September and we had more than 1700 packets since then. I found out that this packets definitely come from "outside" and not from a misconfigured machine in my own network. Unfortunately I don't know any more about this. Joerg -----Ursprüngliche Nachricht----- Von: Hemsley, Trevor [mailto:Trevor.Hemsley@atosorigin.com] Gesendet: Freitag, 7. November 2003 16:44 An: suse-security@suse.com Betreff: [suse-security] External packets from localhost[Scanned] Has anyone else noticed a large number of packets arriving on their external interfaces recently where the source address is 127.0.0.1? Over the past day and a half I've seen 300 packets with destination ports between 1001 and 1994 with the most widely used ones being 1770, 1869, 1514, 1274, 1001 and 1256. Looking back through my logs, it seems that this started happening at the beginning of September and has been getting worse in each log file since that date. Looks most weird and I can't think of anything legitimate that could be doing it. Trevor Hemsley, Security Specialist, Atos Origin Ltd, Whyteleafe, +44-(0)1883-628139 [This e-mail and the documents attached are confidential and intended solely for the addressee ; it may also be privileged . If you receive this e-mail in error, please notify the sender immediately and destroy it. As its integrity cannot be secured on internet, the Atos Origin group liability cannot be triggered for the message content. Although the sender endeavours to maintain a computer virus-free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted.] -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here