Date: Tue, 18 Aug 1998 10:53:21 -0600
From: Kenneth Ingham <ingham@i-pi.com>
To: freebsd-security@FreeBSD.ORG
Subject: Port 137 (was: Re: private network on router's external NIC?)
Message-ID: <19980818105321.58178@i-pi.com>
In-Reply-To: <xzp3eauu3bd.fsf@hrotti.ifi.uio.no>; from Dag-Erling Coidan Smørgrav on Tue, Aug 18, 1998 at 10:00:54AM +0200
References: <35D8A7E8.2DC50695@partitur.se> <xzp3eauu3bd.fsf@hrotti.ifi.uio.no>

On Tue, Aug 18, 1998 at 10:00:54AM +0200, Dag-Erling Coidan Smørgrav wrote:
> Forged packets to the NetBIOS ports are with 99% certainty attempted
> DoS attacks (which will only succeed against Winblows boxen)

Except that Netbios-NS (137) port lookups come from machines with WINS turned on doing web browsing. I tracked this down after I sent out email to someone who was bouncing off of my firewall. It appears that M$ tries a lookup with port 137 before the browser actually connects to get web info.

So, port 137 may not be a denial of service attack, could be just mis-configured boxes. (but it could also be an attack...)

Kenneth
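
The triage the message describes, as an added example that is not part of the original post: blocked UDP/137 packets are counted as likely WINS lookups when the same source opens a web connection shortly afterwards, and as unexplained otherwise. The log format, the sample lines, the 5-second window and the use of TCP/80 for "web info" are assumptions made for this example.

```python
# Constructed sample firewall log (format assumed for this example):
# <epoch seconds> <source IP> <protocol> <destination port> <action>
SAMPLE_LOG = """\
903459201.10 192.0.2.10 udp 137 deny
903459201.90 192.0.2.10 tcp 80 allow
903459230.00 198.51.100.7 udp 137 deny
903459230.40 198.51.100.7 udp 137 deny
903459231.00 198.51.100.7 udp 137 deny
903459300.00 203.0.113.5 tcp 80 allow
903459400.00 192.0.2.10 udp 137 deny
"""


def parse(log):
    """Return time-sorted (ts, src, proto, port, action) tuples, skipping malformed lines."""
    events = []
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue
        ts, src, proto, port, action = fields
        events.append((float(ts), src, proto, int(port), action))
    return sorted(events)


def triage_port_137(log, window=5.0):
    """Per source, count UDP/137 packets followed by TCP/80 within `window` seconds."""
    events = parse(log)
    http_times = {}
    for ts, src, proto, port, _ in events:
        if proto == "tcp" and port == 80:
            http_times.setdefault(src, []).append(ts)

    result = {}
    for ts, src, proto, port, _ in events:
        if proto == "udp" and port == 137:
            # A name lookup that precedes a web connection from the same host
            # matches the WINS behaviour described in the message.
            followed = any(0 <= t - ts <= window for t in http_times.get(src, []))
            counts = result.setdefault(src, {"wins_lookup": 0, "unexplained": 0})
            counts["wins_lookup" if followed else "unexplained"] += 1
    return result


if __name__ == "__main__":
    for src, counts in triage_port_137(SAMPLE_LOG).items():
        print(src, counts)
```

Sources left in the "unexplained" column are the ones worth a closer look; the count alone does not say whether they are misconfigured boxes or an attack.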