From owner-freebsd-security  Mon May 24  7:45:26 1999
Delivered-To: freebsd-security@freebsd.org
Received: from eltex.ru (ELTEX-2-SPIIRAS.nw.ru [195.19.204.46])
	by hub.freebsd.org (Postfix) with ESMTP id 649E61537E
	for <freebsd-security@FreeBSD.ORG>; Mon, 24 May 1999 07:45:20 -0700 (PDT)
	(envelope-from ark@eltex.ru)
Received: from border.eltex.spb.ru (root@border.eltex.ru [195.19.198.2])
	by eltex.ru (8.8.8/8.8.8) with SMTP id SAA29971; Mon, 24 May 1999 18:45:09 +0400 (MSD)
Received: by border.eltex.spb.ru (ssmtp TIS-0.5alpha, 19 Oct 1998); Mon, 24 May 1999 18:44:34 +0400
Received: from undisclosed-intranet-sender id xma015066; Mon, 24 May 99 18:44:16 +0400
Date: Mon, 24 May 1999 18:44:07 +0400
Message-Id: <199905241444.SAA23381@paranoid.eltex.spb.ru>
In-Reply-To: <199905241435.PAA03027@idea.co.uk> from "Kiril Mitev <kiril@ideaglobal.com>"
From: ark@eltex.ru
Organization: "Klingon Imperial Intelligence Service"
Subject: Re: Server trying to connect to Port 113
To: kiril@ideaglobal.com
Cc: eltex.ru@ideaglobal.com, greg@qmpgmc.ac.uk,
	freebsd-security@FreeBSD.ORG, ark@eltex.ru, des@flood.ping.uio.no
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

nuqneH,

Netbios session service, yes. Netbios datagram/name service, no.

Kiril Mitev <kiril@ideaglobal.com> said :

> Yes.
> 
> Ever seen scans of netbios ports across your whole DMZ ?
> 
> K

> > nuqneH,
> > 
> > Ever seen netbios name requests from misconfigured servers (cretins like
> > www.intel.ru and so on)?
> > 
> > Kiril Mitev <kiril@ideaglobal.com> said :
> > 
> > > > 
> > > > "Greg Quinlan" <greg@qmpgmc.ac.uk> writes:
> > > > > So will it effect anything by opening port 113? ...(getting 2000 or so log
> > > > > entries from the same server)
> > > > 
> > > > Don't log, or at least, don't log connections to ports to which you
> > > > excpect benign (if misguided) traffic, such as auth and the netbios
> > > > ports.
> > > 
> > > i beg to disagree, any access attempt from 'outside' to any netbios
> > > ports are 99% indicative of a break-in attempt.
> > > 
> > > in my experience, at least
 

                                     _     _  _  _  _      _  _
 {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
 (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
 [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBN0lltaH/mIJW9LeBAQHOlQP+Kq4iYkQAbMh2ggXD8FV64bDxfW7t8gOR
x6ASa5w9nHdyuOHXDcIFYp9jmJCV2tPfZitgU5wbZ1nGdxwf+AHmB15y2I6m8X4/
qQdZduBGFYrCk4w50F4FS25n4TcIJcedEihCOMQoMGUfurclOsIIPmbgGNh3ZJxE
JFZAUDdZo/0=
=yKmu
-----END PGP SIGNATURE-----


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message