Date: Fri, 6 Mar 1998 13:35:26 -0800 (PST) From: David Babler <root@Rigel.orionsys.com> To: freebsd-isp@FreeBSD.ORG Subject: Port 137 access - somebody monkeying around? Message-ID: <Pine.BSF.3.96.980306132649.6827G-100000@Rigel.orionsys.com>
next in thread | raw e-mail | index | archive | help
Perhaps this might belong to FreeBSD-security, but what the hey - it involves ISPs too... My ipfw rules deny and log all services that I don't support here, and I've noticed that I will often see a string of access attempts on my port 137 (NetBIOS Name Service) from foreign addresses (not once from any of my dialup customers). I was under the impression that these contacts might be Bad Guys trying to take advantage of some known exploit, thinking I was running NT or something. Is that a valid assumption, or is there some legitimate reason why foreign IPs should be trying to connect to that port? I complained once to a system one of whose dialup customers continued a port 137 probe on and off for an hour. When the user was contacted, he claimed he had NO IDEA what we were talking about, that he might have just "tried something" with a browser. Am I being too paranoid? -Dave To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980306132649.6827G-100000>