|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: UDP port 137
Shivdasani, Meenoo (Meenoo_Shivdasani
NAI.com)
Fri, 29 Jan 1999 07:02:43 -0800
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
- Next message: Roger Nebel: "Re: The value of detecting neutralized threats. (was RE: IDS blah blah)"
- Previous message: David Harley: "RE: .gov/.mil threat ID"
- In reply to: Paul D. Robertson: "RE: .gov/.mil threat ID"
- Next in thread: Eric Maiwald: "Re: UDP port 137"
> My firewall has been alerting me to "possible port scans" on UPD for
> port 137.
> This seems to occur from a number of source addresses and
> domains on the
> internet, some resolve-able, some not. Does anyone know of a reason
> I should be concerned?
Ah, the joy of Windoze. At the most innocent level, hits to 137/UDP are
just an annoyance. Windoze boxes spew NetBIOS related traffic all over the
place. My personal solution is to dump them in the bit bucket so that I
don't have to wade through reports of unserved ports in my logs. However,
that solution does have a flaw -- no logging equates to no tracking.
Hits to 139/TCP could be someone trying to nuke internal windoze machines.
I can't remember offhand if there's an attack that you can do with 137/UDP.
M
- Next message: Roger Nebel: "Re: The value of detecting neutralized threats. (was RE: IDS blah blah)"
- Previous message: David Harley: "RE: .gov/.mil threat ID"
- In reply to: Paul D. Robertson: "RE: .gov/.mil threat ID"
- Next in thread: Eric Maiwald: "Re: UDP port 137"
This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:18:02 CDT