Date:      Fri, 6 Mar 1998 13:35:26 -0800 (PST)
From:      David Babler <root@Rigel.orionsys.com>
To:        freebsd-isp@FreeBSD.ORG
Subject:   Port 137 access - somebody monkeying around?
Message-ID:  <Pine.BSF.3.96.980306132649.6827G-100000@Rigel.orionsys.com>


Perhaps this might belong to FreeBSD-security, but what the hey - it
involves ISPs too...

My ipfw rules deny and log all services that I don't support here, and
I've noticed that I will often see a string of access attempts on my port
137 (NetBIOS Name Service) from foreign addresses (not once from any of my
dialup customers). I was under the impression that these contacts might be
Bad Guys trying to take advantage of some known exploit, thinking I was
running NT or something. Is that a valid assumption, or is there some
legitimate reason why foreign IPs should be trying to connect to that
port? I complained once to a system one of whose dialup customers
continued a port 137 probe on and off for an hour. When the user was
contacted, he claimed he had NO IDEA what we were talking about, that he
might have just "tried something" with a browser. 

Am I being too paranoid?

-Dave

