Date: Wed, 28 Oct 1998 20:05:43 -0800 (PST) From: patl@phoenix.volant.org To: Nate Williams <nate@mt.sri.com> Cc: security@FreeBSD.ORG Subject: Re: Cause of NetBIOS-NS requests from outside Message-ID: <ML-3.3.909633943.1367.patl@asimov> In-Reply-To: <199810290355.UAA14862@mt.sri.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> > > > I've recently started logging more of the packets which are denied > > > > by my filters. Since then, I've noticed occasional bursts of UDP > > > > packets aimed at the NetBIOS-NS port (137) on my primary server. > > > > > > > > Is this more likely to be M$ brain-damage, or an attempted probe > > > > by some script-kiddie? > > > > > > M$ brain-damage. > ... > > So it's probably trying to contact my DNS server via NetBIOS-NS > > protocol? > > Nope, it's doing a 'broadcast' on port 137, If it's doing a broadcast, why is the destination address the IP address of my server instead of one of the broadcast addresses for my network? Or is this Micro$oft's definition of 'broadcast'? > and it may have even gotten > a reponse from a machine inside your network, depending on how you have > your firewall setup. Hmm. Maybe at some point in the past; but I've been blocking them for several weeks now. -Pat To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ML-3.3.909633943.1367.patl>