Date: Sat, 7 Mar 1998 11:05:34 -0500 (EST) From: zoonie <zoonie@myhouse.com> To: kris@airnet.net Cc: David Babler <root@Rigel.orionsys.com>, freebsd-isp@FreeBSD.ORG Subject: Re: Port 137 access - somebody monkeying around? Message-ID: <Pine.NEB.3.96.980307110330.20719B-100000@nak.myhouse.com> In-Reply-To: <3500E11B.ACD322CF@ninbox.ml.org>
next in thread | previous in thread | raw e-mail | index | archive | help
i agree about being paranoid, if your system is net attached you should be paranoid. i am....i see the same type of stuff all the time in my logs but i really don't worry about it since it's all dropped..... On Fri, 6 Mar 1998, Kris Kirby wrote: > David Babler wrote: > > > My ipfw rules deny and log all services that I don't support here, and > > I've noticed that I will often see a string of access attempts on my port > > 137 (NetBIOS Name Service) from foreign addresses (not once from any of my > > dialup customers). I was under the impression that these contacts might be > > Bad Guys trying to take advantage of some known exploit, thinking I was > > running NT or something. Is that a valid assumption, or is there some > > legitimate reason why foreign IPs should be trying to connect to that > > port? I complained once to a system one of whose dialup customers > > continued a port 137 probe on and off for an hour. When the user was > > contacted, he claimed he had NO IDEA what we were talking about, that he > > might have just "tried something" with a browser. > > My question is this: Why are you worried about rejects? I'd make your > alarms go off if I piped "QUIT" throught Netcat. What you should worry > about is if they can get by the rules. > > > Am I being too paranoid? > > H-E-L-K No. You can never be too paranoid about security. > > -- > > Kris Kirby <kris@airnet.net> > ------------------------------------------- > TGIFreeBSD... 'Nuff said. > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96.980307110330.20719B-100000>