From owner-freebsd-chat  Tue Nov  9 12:40: 4 1999
Delivered-To: freebsd-chat@freebsd.org
Received: from shell.webmaster.com (mail.webmaster.com [209.133.28.73])
	by hub.freebsd.org (Postfix) with ESMTP id 6229715335
	for <chat@freebsd.org>; Tue,  9 Nov 1999 12:39:49 -0800 (PST)
	(envelope-from davids@webmaster.com)
Received: from whenever ([209.133.29.2]) by shell.webmaster.com
          (Post.Office MTA v3.5.3 release 223 ID# 0-12345L500S10000V35)
          with SMTP id com; Tue, 9 Nov 1999 12:39:45 -0800
From: "David Schwartz" <davids@webmaster.com>
To: "David Scheidt" <dscheidt@enteract.com>,
	"Kris Kennaway" <kris@hub.freebsd.org>
Cc: "Mike Pritchard" <mpp@mppsystems.com>,
	"Lawrence Sica" <larry@mail.interactivate.com>, <chat@freebsd.org>
Subject: RE: Port 137 hitting my server
Date: Tue, 9 Nov 1999 12:39:45 -0800
Message-ID: <000c01bf2af2$8edfd830$021d85d1@youwant.to>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook 8.5, Build 4.71.2377.0
Importance: Normal
In-Reply-To: <Pine.NEB.3.96.991109141548.91601A-100000@shell-3.enteract.com>
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


	Usually a port 137 hit means one of two things:

	1) Someone is seeing if your server is misconfigured with shared without
passwords.

	2) Someone accidentally typed in your server name in an Explorer window
that caused it to check for shares instead of for web pages.

	DS

> On Tue, 9 Nov 1999, Kris Kennaway wrote:
>
> > On Tue, 9 Nov 1999, Mike Pritchard wrote:
> >
> > > I've noticed a lot of these types of hits after playing around
> > > with alladvantage.com (get paid to surf the web!).  I have no idea
> > > what they are looking for.  At least from that particular web site,
> > > I haven't seen any real pattern to it, except that I see more of them
> > > after making use of their software.
> >
> > The dilbert.com website used to give me reverse port 80 scans
> (I think it
> > was port 80)..my best guess was that it was either some kind of
> > demographic profiling from an advertiser or a spamming business run by
> > dogbert looking for addresses.
>
> The doubleclick people used to do something that looked suspicious, the
> claimed purpose of which was to figure out which of their servers you were
> closest to, in order to sell you better.  I don't remember what it is, and
> since *.doubleclick.net looks up as 127.0.0.1 from here, I can't
> be bothered
> to check.
>
> David Scheidt
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-chat" in the body of the message
>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message