Rogue netbios packets?
- To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
- Subject: Rogue netbios packets?
- From: Joel Maslak <jmaslak@wind-river.com>
- Date: Sun, 29 Mar 1998 22:26:46 -0700
- Reply-To: Joel Maslak <jmaslak@wind-river.com>
- Sender: Windows NT BugTraq Mailing List <NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM>

On a packet filtering firewall I run, I have noticed several thousand
packets denied each day to/from netbios ports. Talking to several
administrators in the area, they verify that they, too, see these things.
These packets are either:
1. Coming from the Internet with a source & destination port of UDP 137
2. Going to the Internet with a source & destination port of UDP 137
These aren't broadcast packets (although we have plenty of them, too), but
unicast packets -- a single source and a single destination.
Obviously, none of these got through our firewall. Even so, we are
interested in minimizing our security risks and would like to know why we
see these logged.
Why would we be seeing these? Are these part of an attack, or is this
"normal" behavior for NT/95?
Please respond directly to me, I'll send a summary back to the list (I'm
sick of seeing thirty message long threads).
Joel Maslak
Technical Project Lead
Wind River Visual Communication
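
An added example, not part of the original post: one way to tally the denied packets the message describes (unicast, source and destination port both UDP 137) by direction and by host pair, so that an administrator can see which internal machines are involved. The log line format, the `INTERNAL` network and the sample lines are all constructed assumptions; adapt the parsing to the firewall's real log format.

```python
import ipaddress
from collections import Counter

# Assumption: the protected address space; adjust to the real network.
INTERNAL = [ipaddress.ip_network("192.168.10.0/24")]

# Constructed sample lines in a hypothetical "action proto src:port -> dst:port" format.
SAMPLE_LOG = """\
deny udp 203.0.113.7:137 -> 192.168.10.21:137
deny udp 192.168.10.21:137 -> 203.0.113.7:137
deny udp 192.168.10.33:137 -> 198.51.100.9:137
deny udp 192.168.10.40:137 -> 192.168.10.255:137
deny udp 192.168.10.33:1029 -> 198.51.100.9:53
deny tcp 203.0.113.7:137 -> 192.168.10.21:137
"""

def is_internal(addr):
    return any(addr in net for net in INTERNAL)

def is_broadcast(addr):
    # Limited broadcast or the directed broadcast of a known internal subnet.
    return addr == ipaddress.ip_address("255.255.255.255") or any(
        addr == net.broadcast_address for net in INTERNAL)

def classify(line):
    """Return (direction, internal_host, external_host) for a denied
    unicast UDP 137 -> 137 packet crossing the perimeter, else None."""
    parts = line.split()
    if len(parts) != 5 or parts[:2] != ["deny", "udp"] or parts[3] != "->":
        return None
    src, sport = parts[2].rsplit(":", 1)
    dst, dport = parts[4].rsplit(":", 1)
    if sport != "137" or dport != "137":
        return None
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if is_broadcast(dst):
        return None  # broadcasts are a separate case in the post
    if is_internal(src) and not is_internal(dst):
        return ("outbound", str(src), str(dst))
    if is_internal(dst) and not is_internal(src):
        return ("inbound", str(dst), str(src))
    return None

def summarize(log_text):
    """Count matching packets per (direction, internal host, external host)."""
    return Counter(hit for hit in map(classify, log_text.splitlines()) if hit)

if __name__ == "__main__":
    for (direction, inside, outside), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{direction:8} internal={inside} external={outside} count={n}")
```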