OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
FreeBSD Security Archives: Re[2]: Port 137 hitting my server

Re[2]: Port 137 hitting my server

Vladimir Dubrovin (vladsandy.ru)
Tue, 9 Nov 1999 18:43:05 +0300

Hello Mike Pritchard,

09.11.99 15:03, you wrote: Port 137 hitting my server;

M> On Mon, Nov 08, 1999 at 03:57:01PM -0800, Lawrence Sica wrote:
>> All,
>>
>> I keep getting hits to port 137 on my server. I know this is a netbios
>> thing, and am not running samba. The server in question is a webserver. I
>> was wondering any legitimate cause for this?

M> I've noticed a lot of these types of hits after playing around
M> with alladvantage.com (get paid to surf the web!). I have no idea
M> what they are looking for. At least from that particular web site,
M> I haven't seen any real pattern to it, except that I see more of them
M> after making use of their software.

M> -Mike

UDP 137 is a port for NetBIOS name resolution. Microsoft realization
for IP->name resolution includes both DNS and netbios resolution. Every
time you connect to hosts running MS products (for example IIS)
which resolves your IP - host tries to resolve your NetBIOS name by
sending UDP packet to your 137 port. Noone hacks you it's ok ;)

You're wrong if you think only MS products do things like that. E.g.
sendmail tries to check your name via authorization (TCP 113)
protocol.

With best regards,
 Vladimir
 MCSE, MCP+I

  +=-=-=-=-=-=-=-=-=+
  |Vladimir Dubrovin|
  | Sandy Info, ISP |
  +=-=-=-=-=-=-=-=-=+

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

This archive was generated by hypermail 2.0b3 on Tue Nov 09 1999 - 09:46:29 CST