Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 06 Mar 1998 15:38:50 -0700
From:      Blaine Minazzi <bminazzi@w3page.com>
To:        David Babler <root@Rigel.orionsys.com>
Cc:        freebsd-isp@FreeBSD.ORG
Subject:   Re: Port 137 access - somebody monkeying around?
Message-ID:  <35007AFA.475951E5@w3page.com>
References:  <Pine.BSF.3.96.980306132649.6827G-100000@Rigel.orionsys.com>

next in thread | previous in thread | raw e-mail | index | archive | help
David Babler wrote:
> 
> Perhaps this might belong to FreeBSD-security, but what the hey - it
> involves ISPs too...
> 
> My ipfw rules deny and log all services that I don't support here, and
> I've noticed that I will often see a string of access attempts on my port
> 137 (NetBIOS Name Service) from foreign addresses (not once from any of my
> dialup customers). I was under the impression that these contacts might be
> Bad Guys trying to take advantage of some known exploit, thinking I was
> running NT or something. Is that a valid assumption, or is there some
> legitimate reason why foreign IPs should be trying to connect to that
> port? I complained once to a system one of whose dialup customers
> continued a port 137 probe on and off for an hour. When the user was
> contacted, he claimed he had NO IDEA what we were talking about, that he
> might have just "tried something" with a browser.

Bullshit. Sounds like He was trying to break into an NT box, or attack
through SAMBA. 

> Am I being too paranoid?

You can NEVER be too paranoid, esp. on the net.

Next time it happens, contact the ISP, and tell them that the user is
trying to hack into your server.

Good luck,

Blaine

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?35007AFA.475951E5>