Date: Tue, 9 Nov 1999 18:43:05 +0300 From: Vladimir Dubrovin <vlad@sandy.ru> To: Mike Pritchard <mpp@mppsystems.com> Cc: security@FreeBSD.ORG Subject: Re[2]: Port 137 hitting my server Message-ID: <3779.991109@sandy.ru> In-Reply-To: <19991109060320.B7018@mppsystems.com> References: <19991109060320.B7018@mppsystems.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello Mike Pritchard, 09.11.99 15:03, you wrote: Port 137 hitting my server; M> On Mon, Nov 08, 1999 at 03:57:01PM -0800, Lawrence Sica wrote: >> All, >> >> I keep getting hits to port 137 on my server. I know this is a netbios >> thing, and am not running samba. The server in question is a webserver. I >> was wondering any legitimate cause for this? M> I've noticed a lot of these types of hits after playing around M> with alladvantage.com (get paid to surf the web!). I have no idea M> what they are looking for. At least from that particular web site, M> I haven't seen any real pattern to it, except that I see more of them M> after making use of their software. M> -Mike UDP 137 is a port for NetBIOS name resolution. Microsoft realization for IP->name resolution includes both DNS and netbios resolution. Every time you connect to hosts running MS products (for example IIS) which resolves your IP - host tries to resolve your NetBIOS name by sending UDP packet to your 137 port. Noone hacks you it's ok ;) You're wrong if you think only MS products do things like that. E.g. sendmail tries to check your name via authorization (TCP 113) protocol. With best regards, Vladimir MCSE, MCP+I +=-=-=-=-=-=-=-=-=+ |Vladimir Dubrovin| | Sandy Info, ISP | +=-=-=-=-=-=-=-=-=+ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3779.991109>