|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: UDP port 137
Eric Maiwald (emaiwald
fred.net)
Thu, 28 Jan 1999 18:38:21 -0500 (EST)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
- Next message: Neil Pike: "Re: WinNT and Firewall-1"
- Previous message: stranded lemming: "Re: IDS collection in the DMZ, or in the dirty segment?"
- In reply to: John Kozubik: "Re: IDS collection in the DMZ, or in the dirty segment?"
- Next in thread: Robert Graham: "Re: UDP port 137"
Port 137 is used by Windows machines as part of their name
resolution. This may occur anytime your firewall's external address
communicates with a windows machine.
If you are logging emails, web access, ftp, telnet, etc, see if you
can match the inbound 137 attempts to addresses in the other logs
at about the same time.
Eric
On Wed, 27 Jan 1999, Burgess, John (EDS) wrote:
> My firewall has been alerting me to "possible port scans" on UPD for
> port 137.
> This seems to occur from a number of source addresses and domains on the
> internet, some resolve-able, some not. Does anyone know of a reason
> I should be concerned?
>
> John B.
>
---------------------------------------------------------------------
Eric Maiwald emaiwaldfred.net
So Many Hobbies, So little time
---------------------------------------------------------------------
- Next message: Neil Pike: "Re: WinNT and Firewall-1"
- Previous message: stranded lemming: "Re: IDS collection in the DMZ, or in the dirty segment?"
- In reply to: John Kozubik: "Re: IDS collection in the DMZ, or in the dirty segment?"
- Next in thread: Robert Graham: "Re: UDP port 137"
This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:18:02 CDT