Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 24 May 1999 15:35:18 +0100 (BST)
From:      Kiril Mitev <kiril@ideaglobal.com>
To:        ark@eltex.ru
Cc:        kiril@ideaglobal.com, des@flood.ping.uio.no, eltex.ru@ideaglobal.com, greg@qmpgmc.ac.uk, freebsd-security@FreeBSD.ORG
Subject:   Re: Server trying to connect to Port 113
Message-ID:  <199905241435.PAA03027@idea.co.uk>
In-Reply-To: <199905241437.SAA23349@paranoid.eltex.spb.ru> from "ark@eltex.ru" at May 24, 99 06:37:21 pm

next in thread | previous in thread | raw e-mail | index | archive | help
Yes.

Ever seen scans of netbios ports across your whole DMZ ?

K
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> nuqneH,
> 
> Ever seen netbios name requests from misconfigured servers (cretins like
> www.intel.ru and so on)?
> 
> Kiril Mitev <kiril@ideaglobal.com> said :
> 
> > > 
> > > "Greg Quinlan" <greg@qmpgmc.ac.uk> writes:
> > > > So will it effect anything by opening port 113? ...(getting 2000 or so log
> > > > entries from the same server)
> > > 
> > > Don't log, or at least, don't log connections to ports to which you
> > > excpect benign (if misguided) traffic, such as auth and the netbios
> > > ports.
> > 
> > i beg to disagree, any access attempt from 'outside' to any netbios
> > ports are 99% indicative of a break-in attempt.
> > 
> > in my experience, at least
>  
> 
>                                      _     _  _  _  _      _  _
>  {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
>  (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
>  [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3i
> Charset: noconv
> 
> iQCVAwUBN0lkH6H/mIJW9LeBAQH/ZAP/bfLisALvDw4ImCstJh9jhp4ssg83Dy7+
> fJzX0qOgQIcmQpYmrlkTAF9lHPkzGcD9HHa8H8cduNuCkLLXWAfi8awF93UaTy5E
> f1aG5bbwbm+xlFDE5Po05jSuA6E5mxLjNUFwgHbzC1gbuo4oqhTK4CXfLrS1sqyO
> DBLUpiwen2k=
> =wdQP
> -----END PGP SIGNATURE-----
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199905241435.PAA03027>