Security Incidents mailing list archives
Re: UDP port 137 packets sent to 70.255.224.194 (and to other hosts/nets as well)
From: Pavel Lozhkin <pauel () BALAKOVO RU>
Date: Wed, 30 Aug 2000 07:47:59 +0400
Felipe Alfaro wrote:
Hello, I have configured our Cisco 801 router to block all incoming/outgoing NetBIOS traffic (TCP/UDP ports 137-139). I have set a specific filter for this and I have enabled logging.
[other text has been skipped]

And here are my 2 cents: Over the last week I sent 4 or 5 complaints about a UDP scan (port 138). I got one answer from iana.org; they wrote: "It is legal traffic and do not worry about it and contact to your ISP for more information". That was 2 days ago. Today I sent him another complaint about a new scan....

First: I am the ISP myself ;)

Second: This traffic was not directed at just one host; in the log I saw this:

Aug-30-01:37:02 UDP from 169.254.100.72:137 to XXX.XX.XXX.16:137
Aug-30-01:37:06 UDP from 169.254.100.72:137 to XXX.XXX.XXX.17:137

The IP address increases by 1 with each packet. Today the scanners were 169.254.100.72 and 132.239.105.59. What happened? These scans began only one week ago...... Before that I did not see them.

--
** The hedgehog is a proud bird, he does not fly without kick **
Pauel
System administrator
ICQ UIN 39596913 8990192
Phone (7-84570)-52525 (7-84570)-40658
Unix is like a wigwam -- no Gates, no Windows, and an Apache inside.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
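Added example, not part of Pavel Lozhkin's message: a Python check for the pattern the message describes, a single source sending UDP port 137 packets to destination addresses that increase by 1, run over constructed log lines in the quoted format. The function names, the sample destinations (192.0.2.0/24 documentation range) and the min_run threshold are assumptions.

```python
import re
from collections import defaultdict
from ipaddress import IPv4Address

# Constructed sample in the log format quoted in the message. Destinations use
# the 192.0.2.0/24 documentation range because the post masks its own.
SAMPLE_LOG = """\
Aug-30-01:37:02 UDP from 169.254.100.72:137 to 192.0.2.16:137
Aug-30-01:37:06 UDP from 169.254.100.72:137 to 192.0.2.17:137
Aug-30-01:37:06 UDP from 169.254.100.72:137 to 192.0.2.17:137
Aug-30-01:37:10 UDP from 169.254.100.72:137 to 192.0.2.18:137
Aug-30-01:37:14 UDP from 169.254.100.72:137 to 192.0.2.19:137
Aug-30-01:38:00 UDP from 198.51.100.7:137 to 192.0.2.40:137
not a filter log line
"""

LINE_RE = re.compile(r"^\S+ UDP from ([\d.]+):\d+ to ([\d.]+):(\d+)$")

def parse(log):
    """Yield (source, destination, destination port) per well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a filter log entry
        try:
            yield IPv4Address(m[1]), IPv4Address(m[2]), int(m[3])
        except ValueError:
            continue  # address failed validation, e.g. 999.1.1.1

def find_sweeps(log, port=137, min_run=3):
    """Map each source to (first, last, count, link_local) for its longest run
    of consecutive destination addresses probed on `port`."""
    targets = defaultdict(set)  # a set tolerates repeated and reordered lines
    for src, dst, dport in parse(log):
        if dport == port:
            targets[src].add(int(dst))
    sweeps = {}
    for src, dsts in targets.items():
        uniq = sorted(dsts)
        best_lo = best_hi = lo = uniq[0]
        for prev, cur in zip(uniq, uniq[1:] + [None]):
            if cur != prev + 1:  # the run that started at lo ends at prev
                if prev - lo > best_hi - best_lo:
                    best_lo, best_hi = lo, prev
                lo = cur
        count = best_hi - best_lo + 1
        if count >= min_run:
            # is_link_local is True for 169.254.0.0/16 sources
            sweeps[str(src)] = (str(IPv4Address(best_lo)),
                                str(IPv4Address(best_hi)), count, src.is_link_local)
    return sweeps
```

The link_local flag marks sources in 169.254.0.0/16, the IPv4 link-local block, which is not a routable origin to which an abuse complaint can be addressed.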