From owner-freebsd-security Tue Nov 9 12:28: 6 1999 Delivered-To: freebsd-security@freebsd.org Received: from crash.ab.videon.ca (crash.ab.videon.ca [206.75.216.220]) by hub.freebsd.org (Postfix) with ESMTP id 2437215148 for ; Tue, 9 Nov 1999 12:28:02 -0800 (PST) (envelope-from cwasser@v-wave.com) Received: from area51 (area51.v-wave.com [24.108.26.39]) by crash.ab.videon.ca (8.9.2/8.9.2) with SMTP id NAA15168; Tue, 9 Nov 1999 13:27:43 -0700 (MST) Message-ID: <001d01bf2af1$38b2f380$271a6c18@vwave.com> From: "Chris Wasser" To: "Vladimir Dubrovin" , "Mike Pritchard" Cc: References: <19991109060320.B7018@mppsystems.com> <3779.991109@sandy.ru> Subject: Re: Re[2]: Port 137 hitting my server Date: Tue, 9 Nov 1999 13:29:15 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2615.200 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org ----- Original Message ----- > UDP 137 is a port for NetBIOS name resolution. Microsoft realization > for IP->name resolution includes both DNS and netbios resolution. Every > time you connect to hosts running MS products (for example IIS) > which resolves your IP - host tries to resolve your NetBIOS name by > sending UDP packet to your 137 port. Noone hacks you it's ok ;) This is common knowledge. > You're wrong if you think only MS products do things like that. E.g. > sendmail tries to check your name via authorization (TCP 113) > protocol. Polling port 113 (identd) is one thing, NETBIOS name resolution is quite another. Microsoft always wants to be different from everyone, including by attempting to rewrite standards. > MCSE, MCP+I Sorry to break the news to you, but those aren't worth the paper they're printed on. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message