From owner-freebsd-security Tue Nov 9 7:47: 0 1999
Date: Tue, 9 Nov 1999 18:43:05 +0300
From: Vladimir Dubrovin
Organization: Sandy Info
Message-ID: <3779.991109@sandy.ru>
To: Mike Pritchard
Cc: security@FreeBSD.ORG
Subject: Re[2]: Port 137 hitting my server
In-reply-To: <19991109060320.B7018@mppsystems.com>
References: <19991109060320.B7018@mppsystems.com>

Hello Mike Pritchard,

09.11.99 15:03, you wrote: Port 137 hitting my server;

M> On Mon, Nov 08, 1999 at 03:57:01PM -0800, Lawrence Sica wrote:
>> All,
>>
>> I keep getting hits to port 137 on my server. I know this is a netbios
>> thing, and am not running samba. The server in question is a webserver. I
>> was wondering any legitimate cause for this?

M> I've noticed a lot of these types of hits after playing around
M> with alladvantage.com (get paid to surf the web!). I have no idea
M> what they are looking for. At least from that particular web site,
M> I haven't seen any real pattern to it, except that I see more of them
M> after making use of their software.

M> -Mike

UDP 137 is a port for NetBIOS name resolution. Microsoft's realization of
IP->name resolution includes both DNS and NetBIOS resolution.
Every time you connect to hosts running MS products (for example IIS) which
resolve your IP, the host tries to resolve your NetBIOS name by sending a UDP
packet to your 137 port. No one hacks you, it's ok ;)

You're wrong if you think only MS products do things like that. E.g. sendmail
tries to check your name via the authorization (TCP 113) protocol.

With best regards, Vladimir
MCSE, MCP+I

+=-=-=-=-=-=-=-=-=+
|Vladimir Dubrovin|
| Sandy Info, ISP |
+=-=-=-=-=-=-=-=-=+
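
To check whether a logged UDP/137 hit is the name lookup described in the reply above, the payload can be decoded. The following is an added example, not part of the original message: it assumes the lookup arrives as an RFC 1002 node status request for the wildcard name "*", and the function names and the two sample packets are constructed for illustration.

```python
import struct

def encode_nb_name(raw16: bytes) -> bytes:
    """RFC 1001 first-level encoding: each nibble becomes a letter 'A'..'P'."""
    return bytes(0x41 + n for b in raw16 for n in (b >> 4, b & 0x0F))

def decode_nb_name(enc: bytes) -> bytes:
    if len(enc) != 32 or any(not 0x41 <= c <= 0x50 for c in enc):
        raise ValueError("not a first-level encoded NetBIOS name")
    return bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41) for i in range(0, 32, 2))

def parse_nbns(payload: bytes) -> dict:
    """Parse one UDP/137 payload holding a single question without a scope ID."""
    if len(payload) < 50:  # 12-byte header + 34-byte name + 4 bytes type/class
        raise ValueError("too short for an NBNS question")
    txid, flags, qdcount = struct.unpack("!3H", payload[:6])
    if qdcount != 1 or payload[12] != 0x20 or payload[45] != 0x00:
        raise ValueError("expected one unscoped 32-byte question name")
    qtype, qclass = struct.unpack("!2H", payload[46:50])
    return {"txid": txid, "is_response": bool(flags & 0x8000),
            "opcode": (flags >> 11) & 0x0F, "broadcast": bool(flags & 0x0010),
            "name": decode_nb_name(payload[13:45]), "qtype": qtype, "qclass": qclass}

def classify(payload: bytes) -> str:
    try:
        q = parse_nbns(payload)
    except ValueError as exc:
        return f"not a plain NBNS question ({exc})"
    if q["is_response"] or q["opcode"] != 0:
        return "other NBNS traffic"
    if q["qtype"] == 0x0021 and q["name"][:1] == b"*":  # NBSTAT on wildcard name
        return "node status request (IP -> NetBIOS name lookup)"
    if q["qtype"] == 0x0020:  # NB: ordinary name -> address query
        return "name query for " + q["name"][:15].decode("ascii", "replace").rstrip()
    return "other NBNS traffic"

def build_question(txid: int, flags: int, raw16: bytes, qtype: int) -> bytes:
    """Build a constructed sample packet (not captured traffic)."""
    return (struct.pack("!6H", txid, flags, 1, 0, 0, 0) + b"\x20"
            + encode_nb_name(raw16) + b"\x00" + struct.pack("!2H", qtype, 1))

# Constructed samples: a unicast status probe and a broadcast name query.
STATUS_PROBE = build_question(0x1234, 0x0000, b"*" + b"\x00" * 15, 0x0021)
NAME_QUERY = build_question(0x5678, 0x0110, b"WORKGROUP".ljust(15) + b"\x00", 0x0020)

if __name__ == "__main__":
    for pkt in (STATUS_PROBE, NAME_QUERY, b"\x00" * 8):
        print(classify(pkt))
```
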