Date: Mon, 24 May 1999 18:44:07 +0400 From: ark@eltex.ru To: kiril@ideaglobal.com Cc: eltex.ru@ideaglobal.com, greg@qmpgmc.ac.uk, freebsd-security@FreeBSD.ORG, ark@eltex.ru, des@flood.ping.uio.no Subject: Re: Server trying to connect to Port 113 Message-ID: <199905241444.SAA23381@paranoid.eltex.spb.ru> In-Reply-To: <199905241435.PAA03027@idea.co.uk> from "Kiril Mitev <kiril@ideaglobal.com>"
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE-----
nuqneH,
Netbios session service, yes. Netbios datagram/name service, no.
Kiril Mitev <kiril@ideaglobal.com> said :
> Yes.
>
> Ever seen scans of netbios ports across your whole DMZ ?
>
> K
> > nuqneH,
> >
> > Ever seen netbios name requests from misconfigured servers (cretins like
> > www.intel.ru and so on)?
> >
> > Kiril Mitev <kiril@ideaglobal.com> said :
> >
> > > >
> > > > "Greg Quinlan" <greg@qmpgmc.ac.uk> writes:
> > > > > So will it effect anything by opening port 113? ...(getting 2000 or so log
> > > > > entries from the same server)
> > > >
> > > > Don't log, or at least, don't log connections to ports to which you
> > > > excpect benign (if misguided) traffic, such as auth and the netbios
> > > > ports.
> > >
> > > i beg to disagree, any access attempt from 'outside' to any netbios
> > > ports are 99% indicative of a break-in attempt.
> > >
> > > in my experience, at least
_ _ _ _ _ _ _
{::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_
(##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_|
[||] [||] [||] Do i believe in Bible? Hell,man,i've seen one!
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
iQCVAwUBN0lltaH/mIJW9LeBAQHOlQP+Kq4iYkQAbMh2ggXD8FV64bDxfW7t8gOR
x6ASa5w9nHdyuOHXDcIFYp9jmJCV2tPfZitgU5wbZ1nGdxwf+AHmB15y2I6m8X4/
qQdZduBGFYrCk4w50F4FS25n4TcIJcedEihCOMQoMGUfurclOsIIPmbgGNh3ZJxE
JFZAUDdZo/0=
=yKmu
-----END PGP SIGNATURE-----
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199905241444.SAA23381>