Date: 24 May 1999 16:45:41 +0200 From: Dag-Erling Smorgrav <des@flood.ping.uio.no> To: Kiril Mitev <kiril@ideaglobal.com> Cc: greg@qmpgmc.ac.uk, freebsd-security@FreeBSD.ORG Subject: Re: Server trying to connect to Port 113 Message-ID: <xzpzp2ule5m.fsf@localhost.ping.uio.no> In-Reply-To: Kiril Mitev's message of "Mon, 24 May 1999 15:22:29 %2B0100 (BST)" References: <199905241422.PAA02615@idea.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
Kiril Mitev <kiril@ideaglobal.com> writes: > > Don't log, or at least, don't log connections to ports to which you > > excpect benign (if misguided) traffic, such as auth and the netbios > > ports. > i beg to disagree, any access attempt from 'outside' to any netbios > ports are 99% indicative of a break-in attempt. Wrong on two points: most NetBIOS traffic is benign, and when it is an attack, it's most likely a DoS and not a break-in. I don't know of any way to gain access to a machine through NetBIOS services; I do however know of several ways to kill Windows that way (most, if not all, are not directly related to NetBIOS, but use the NetBIOS ports because Windows is likely to be listening there). Chasing after script kiddies who try to WinNuke a FreeBSD box is, IMHO, a total waste of energy. DES -- Dag-Erling Smorgrav - des@flood.ping.uio.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzpzp2ule5m.fsf>