Date: Mon, 24 May 1999 15:35:18 +0100 (BST) From: Kiril Mitev <kiril@ideaglobal.com> To: ark@eltex.ru Cc: kiril@ideaglobal.com, des@flood.ping.uio.no, eltex.ru@ideaglobal.com, greg@qmpgmc.ac.uk, freebsd-security@FreeBSD.ORG Subject: Re: Server trying to connect to Port 113 Message-ID: <199905241435.PAA03027@idea.co.uk> In-Reply-To: <199905241437.SAA23349@paranoid.eltex.spb.ru> from "ark@eltex.ru" at May 24, 99 06:37:21 pm
next in thread | previous in thread | raw e-mail | index | archive | help
Yes. Ever seen scans of netbios ports across your whole DMZ ? K > > -----BEGIN PGP SIGNED MESSAGE----- > > nuqneH, > > Ever seen netbios name requests from misconfigured servers (cretins like > www.intel.ru and so on)? > > Kiril Mitev <kiril@ideaglobal.com> said : > > > > > > > "Greg Quinlan" <greg@qmpgmc.ac.uk> writes: > > > > So will it effect anything by opening port 113? ...(getting 2000 or so log > > > > entries from the same server) > > > > > > Don't log, or at least, don't log connections to ports to which you > > > excpect benign (if misguided) traffic, such as auth and the netbios > > > ports. > > > > i beg to disagree, any access attempt from 'outside' to any netbios > > ports are 99% indicative of a break-in attempt. > > > > in my experience, at least > > > _ _ _ _ _ _ _ > {::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_ > (##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_| > [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one! > > -----BEGIN PGP SIGNATURE----- > Version: 2.6.3i > Charset: noconv > > iQCVAwUBN0lkH6H/mIJW9LeBAQH/ZAP/bfLisALvDw4ImCstJh9jhp4ssg83Dy7+ > fJzX0qOgQIcmQpYmrlkTAF9lHPkzGcD9HHa8H8cduNuCkLLXWAfi8awF93UaTy5E > f1aG5bbwbm+xlFDE5Po05jSuA6E5mxLjNUFwgHbzC1gbuo4oqhTK4CXfLrS1sqyO > DBLUpiwen2k= > =wdQP > -----END PGP SIGNATURE----- > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199905241435.PAA03027>