Date: Fri, 01 Dec 2000 21:50:17 +0900
From: Melon
To: freebsd-security@freebsd.org
Subject: Re[2]: 137/udp
References: <3A26A013136.BF8AMELON@postman.orangenetwork.net>
Message-Id: <3A279E89A0.BF8CMELON@postman.orangenetwork.net>

Hello,

I'm not familiar with NetBIOS behavior, but I know 137/udp (source) ->
53/udp (destination) is used for name resolving.

None of the Windows and Windows NT clients here have the Microsoft network
sharing service installed, but I have a Samba server as the file server for
these Windows clients.

Previously, I expected that any 137/udp packets coming in from outside my
LAN were illegal.

I wanted to know...

* How is a 137/udp packet sent to my network from the Internet?
* Are all 137/udp packets intended for a portscan or an explicit attack?

I forgot to mention this...

When the 137/udp packet was sent here (the PC I'm writing this e-mail on;
Windows 98 SE), I was running Napster just to upload a file. I'm logging the
IP address of all 6699/tcp connections for security reasons. Since I was
doing tail -f [logname_for_my_firewall], I found 6699/tcp and 137/udp were
coming from the same IP address. I asked him/her "Did you do something for
my computer?" using Napster; I expected he or she would ignore my stupid
question if he/she had really or explicitly attacked me.
However, the person who was connecting from that IP address replied to me
and did not seem to be a cracker. I have talked with so many entry-level PC
users, so I asked him/her a detailed PC-related question. I can't believe
he/she attacked me.

Now I have a problem. I expected *all* 137/udp from the outside to be
intended only for cracking. So I would like to know the 2 points listed
above.

- Melon