hi pete, Pete Soderling wrote:
Of course, the fact that I ran Gerald's logfile parser script and returned hits didn't help either.Oh yes, finally ... I did an nmap -sU -p 2002 and found it open. =(
run 'netstat -pln' on your cobalt appliance. if the output doesn't report an (unsuspicous) process listening on udp port 2002, i would be pretty alarmed.
on the other hand, when i nmapped my Qube yesterday, i found it listening on udp port 2002 as well. it turned out later that i would only get this result when executing nmap from my firewall. when i started nmap from hosts in my DMZ, udp port 2002 on the Qube was reported 'closed'. i didn't investigate why nmap from the firewall gave a wrong result, but this might be helpful information for you: confirm the results of nmap on another host.
good luck sven