Date: Fri, 01 Dec 2000 21:50:17 +0900 From: Melon <melon@orangenetwork.net> To: freebsd-security@freebsd.org Subject: Re[2]: 137/udp Message-ID: <3A279E89A0.BF8CMELON@postman.orangenetwork.net> In-Reply-To: <Pine.BSF.4.21.0011301946060.44881-100000@turtle.looksharp.net> References: <3A26A013136.BF8AMELON@postman.orangenetwork.net> <Pine.BSF.4.21.0011301946060.44881-100000@turtle.looksharp.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello, I'm not familiar with NetBIOS behavior, but I know 137/udp (source) -> 53/udp (destination) is used for name resolving. All of Windows and Windows NT clients here are not installed Microsoft network sharing service, but I have Samba server for these Windows clients as the file server. I expected any of 137/udp packets incoming from outside of my LAN are illegal before. I wanted to know... * How 137/udp packet is sent for my network from Internet? * All of 137/udp packets are intended for portscan or explicit attack? I have missed to tell this... When 137/udp was sent here (the PC I'm writing this e-mail; Windows 98 SE), I was running Napster just for uploading a file. I'm logging an IP address of all 6699/tcp connections for security reason. Since I was doing tail -f [logname_for_my_firewall], I found 6699/tcp and 137/udp were coming from the same IP address. I asked him/her "Did you do something for my computer?" using Napster, I expected he or she would ignore my stupid question if he/she really or explicitly attacked me. However, the person who were connecting from the IP address was replied me and not seemed cracker. I have talked with so much entry-level pc users, so I asked him/her detailed PC related question. I can't believe he/she have attacked me. Now, I got problem. I expected *all* 137/udp from the outside are only intended for cracking. So I would like to know the 2 points listed above. - Melon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3A279E89A0.BF8CMELON>