From owner-freebsd-security  Mon May 24  8:57:24 1999
Delivered-To: freebsd-security@freebsd.org
Received: from idea.co.uk (ultra2.idea.co.uk [194.36.20.11])
	by hub.freebsd.org (Postfix) with ESMTP id EDA22153EA
	for <freebsd-security@FreeBSD.ORG>; Mon, 24 May 1999 08:55:54 -0700 (PDT)
	(envelope-from kiril@idea.co.uk)
Received: (from kiril@localhost)
	by idea.co.uk (8.9.2/8.9.2) id QAA05550;
	Mon, 24 May 1999 16:48:45 +0100 (BST)
From: Kiril Mitev <kiril@ideaglobal.com>
Message-Id: <199905241548.QAA05550@idea.co.uk>
Subject: Re: Server trying to connect to Port 113
To: ark@eltex.ru
Date: Mon, 24 May 1999 16:48:45 +0100 (BST)
Cc: kiril@ideaglobal.com, eltex.ru@ideaglobal.com, greg@qmpgmc.ac.uk,
	freebsd-security@FreeBSD.ORG, des@flood.ping.uio.no
In-Reply-To: <199905241444.SAA23381@paranoid.eltex.spb.ru> from "ark@eltex.ru" at May 24, 99 06:44:07 pm
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Worry or not, those logs were wot it took to get big boss 
to buy real router :-)

K


> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> nuqneH,
> 
> Netbios session service, yes. Netbios datagram/name service, no.
> 
> Kiril Mitev <kiril@ideaglobal.com> said :
> 
> > Yes.
> > 
> > Ever seen scans of netbios ports across your whole DMZ ?
> > 
> > K
> 
> > > nuqneH,
> > > 
> > > Ever seen netbios name requests from misconfigured servers (cretins like
> > > www.intel.ru and so on)?
> > > 
> > > Kiril Mitev <kiril@ideaglobal.com> said :
> > > 
> > > > > 
> > > > > "Greg Quinlan" <greg@qmpgmc.ac.uk> writes:
> > > > > > So will it effect anything by opening port 113? ...(getting 2000 or so log
> > > > > > entries from the same server)
> > > > > 
> > > > > Don't log, or at least, don't log connections to ports to which you
> > > > > excpect benign (if misguided) traffic, such as auth and the netbios
> > > > > ports.
> > > > 
> > > > i beg to disagree, any access attempt from 'outside' to any netbios
> > > > ports are 99% indicative of a break-in attempt.
> > > > 
> > > > in my experience, at least
>  
> 
>                                      _     _  _  _  _      _  _
>  {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
>  (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
>  [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3i
> Charset: noconv
> 
> iQCVAwUBN0lltaH/mIJW9LeBAQHOlQP+Kq4iYkQAbMh2ggXD8FV64bDxfW7t8gOR
> x6ASa5w9nHdyuOHXDcIFYp9jmJCV2tPfZitgU5wbZ1nGdxwf+AHmB15y2I6m8X4/
> qQdZduBGFYrCk4w50F4FS25n4TcIJcedEihCOMQoMGUfurclOsIIPmbgGNh3ZJxE
> JFZAUDdZo/0=
> =yKmu
> -----END PGP SIGNATURE-----
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message