From owner-freebsd-security Wed Oct 28 19:56:50 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id TAA23950 for freebsd-security-outgoing; Wed, 28 Oct 1998 19:56:50 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from ns.mt.sri.com (sri-gw.MT.net [206.127.105.141]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id TAA23936 for ; Wed, 28 Oct 1998 19:56:37 -0800 (PST) (envelope-from nate@mt.sri.com) Received: from mt.sri.com (rocky.mt.sri.com [206.127.76.100]) by ns.mt.sri.com (8.8.8/8.8.8) with SMTP id UAA19042; Wed, 28 Oct 1998 20:55:59 -0700 (MST) (envelope-from nate@rocky.mt.sri.com) Received: by mt.sri.com (SMI-8.6/SMI-SVR4) id UAA14862; Wed, 28 Oct 1998 20:55:53 -0700 Date: Wed, 28 Oct 1998 20:55:53 -0700 Message-Id: <199810290355.UAA14862@mt.sri.com> From: Nate Williams MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit To: patl@phoenix.volant.org Cc: Kenneth Ingham , security@FreeBSD.ORG Subject: Re: Cause of NetBIOS-NS requests from outside In-Reply-To: References: <19981028171202.A4585@i-pi.com> X-Mailer: VM 6.34 under 19.16 "Lille" XEmacs Lucid Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > > > I've recently started logging more of the packets which are denied > > > by my filters. Since then, I've noticed occasional bursts of UDP > > > packets aimed at the NetBIOS-NS port (137) on my primary server. > > > > > > Is this more likely to be M$ brain-damage, or an attempted probe > > > by some script-kiddie? > > > > M$ brain-damage. ... > So it's probably trying to contact my DNS server via NetBIOS-NS > protocol? Nope, it's doing a 'broadcast' on port 137, and it may have even gotten a reponse from a machine inside your network, depending on how you have your firewall setup. Nate To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message