Date: Fri, 06 Mar 1998 23:54:35 -0600 From: Kris Kirby <kris@ninbox.ml.org> To: David Babler <root@Rigel.orionsys.com> Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Port 137 access - somebody monkeying around? Message-ID: <3500E11B.ACD322CF@ninbox.ml.org> References: <Pine.BSF.3.96.980306132649.6827G-100000@Rigel.orionsys.com>
next in thread | previous in thread | raw e-mail | index | archive | help
David Babler wrote: > My ipfw rules deny and log all services that I don't support here, and > I've noticed that I will often see a string of access attempts on my port > 137 (NetBIOS Name Service) from foreign addresses (not once from any of my > dialup customers). I was under the impression that these contacts might be > Bad Guys trying to take advantage of some known exploit, thinking I was > running NT or something. Is that a valid assumption, or is there some > legitimate reason why foreign IPs should be trying to connect to that > port? I complained once to a system one of whose dialup customers > continued a port 137 probe on and off for an hour. When the user was > contacted, he claimed he had NO IDEA what we were talking about, that he > might have just "tried something" with a browser. My question is this: Why are you worried about rejects? I'd make your alarms go off if I piped "QUIT" throught Netcat. What you should worry about is if they can get by the rules. > Am I being too paranoid? H-E-L-K No. You can never be too paranoid about security. -- Kris Kirby <kris@airnet.net> ------------------------------------------- TGIFreeBSD... 'Nuff said. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3500E11B.ACD322CF>