From owner-freebsd-security Thu Nov 30 10:58: 4 2000 Delivered-To: freebsd-security@freebsd.org Received: from kira.epconline.net (kira.epconline.net [209.83.132.2]) by hub.freebsd.org (Postfix) with ESMTP id 420D937B400 for ; Thu, 30 Nov 2000 10:58:00 -0800 (PST) Received: from therock (betterguard.epconline.net [209.83.132.193]) by kira.epconline.net (8.9.3/8.9.3) with SMTP id MAA76670 for ; Thu, 30 Nov 2000 12:57:57 -0600 (CST) From: "Chuck Rock" To: Subject: RE: 137/udp Date: Thu, 30 Nov 2000 13:00:27 -0600 Message-ID: <003f01c05aff$cd481ef0$1805010a@epconline.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 In-Reply-To: <3A26A013136.BF8AMELON@postman.orangenetwork.net> Importance: Normal Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Port 137 is NetBIOS Name Service, and NetBIOS is used by Windows for network communications. You have some users with the Microsoft Client in their network configuration trying to speak to your firewall, and these packets are getting rejected. The users with the Microsoft client may have a huge security hole if they are coming in from the Internet. That would mean their computer is either listening on their Internet IP's for other network clients, or they are specifically scanning for computers configured this way so they can try to log into them for themselves. My 2 cents, Chuck > -----Original Message----- > From: owner-freebsd-security@FreeBSD.ORG > [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Melon > Sent: Thursday, November 30, 2000 12:45 PM > To: freebsd-security@FreeBSD.ORG > Subject: 137/udp > > > Hello, > > All network administrator may always see rejected 137/udp packet... > > I want to know how these udp packets are occured? > I expect some stupid kids attacked me. However, is there any exception? > > Someone sent only 3 137/udp packets to specific IP address. In general, > these stupid does not sent to specific IP address, sent to all IP > addresses I have. > > Any suggestions appreciated. > > - Melon > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message