Security Incidents mailing list archives

Re: UDP port 137 packets sent to 70.255.224.194


From: Jens Hektor <hektor () RZ RWTH-AACHEN DE>
Date: Wed, 30 Aug 2000 08:00:42 -0000

Hi,

> I have configured our Cisco 801 router to block all
> incoming/outgoing NetBIOS traffic (TCP/UDP ports 137-139).
> I have set a specific filter for this and I have enabled
> logging.

Very good idea. Solves lots of problems.

> targeted at 70.255.224.194 host. I have been searching
> WhoIs from NetworkSolutions and Arin but I have been
> unable

Under 
http://www.isi.edu/in-notes/iana/assignments/ipv4-address-space
http://www.cert.org/tech_tips/whois_by_ipaddr.html

one can conclude the reserved /8 blocks. Here is
an excerpt from our router's outer interface in-ACL that
reflects the use of *not* officially assigned addresses:

    deny ip 127.0.0.0 0.255.255.255 any (34 matches)
    deny ip 10.0.0.0 0.255.255.255 any (81469 matches)
    deny ip 172.16.0.0 0.15.255.255 any (16596 matches)
    deny ip 192.168.0.0 0.0.255.255 any (18283 matches)
    deny ip 0.0.0.0 0.255.255.255 any (5 matches)
    deny ip 1.0.0.0 0.255.255.255 any (112 matches)
    deny ip 2.0.0.0 0.255.255.255 any (6 matches)
    deny ip 5.0.0.0 0.255.255.255 any
    deny ip 7.0.0.0 0.255.255.255 any
    deny ip 23.0.0.0 0.255.255.255 any
    deny ip 27.0.0.0 0.255.255.255 any (4 matches)
    deny ip 31.0.0.0 0.255.255.255 any
    deny ip 36.0.0.0 1.255.255.255 any
    deny ip 39.0.0.0 0.255.255.255 any (4 matches)
    deny ip 41.0.0.0 0.255.255.255 any
    deny ip 42.0.0.0 0.255.255.255 any
    deny ip 49.0.0.0 0.255.255.255 any
    deny ip 50.0.0.0 0.255.255.255 any
    deny ip 58.0.0.0 1.255.255.255 any (1 match)
    deny ip 60.0.0.0 0.255.255.255 any
    deny ip 67.0.0.0 0.255.255.255 any
    deny ip 68.0.0.0 3.255.255.255 any (8 matches)
    deny ip 72.0.0.0 7.255.255.255 any (8 matches)
    deny ip 80.0.0.0 15.255.255.255 any (91 matches)
    deny ip 96.0.0.0 15.255.255.255 any (335 matches)
    deny ip 112.0.0.0 8.255.255.255 any
    deny ip 120.0.0.0 3.255.255.255 any
    deny ip 124.0.0.0 1.255.255.255 any (5 matches)
    deny ip 126.0.0.0 0.255.255.255 any
    deny ip 197.0.0.0 0.255.255.255 any
    deny ip 218.0.0.0 1.255.255.255 any
    deny ip 220.0.0.0 3.255.255.255 any (77 matches)
    deny ip 240.0.0.0 15.255.255.255 any (9 matches)
    deny ip 169.254.0.0 0.0.255.255 any (744 matches)

Bye, Jens Hektor
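
The wildcard-mask matching that this ACL relies on, as an added example that is not part of the original post: it parses a few of the entries above, applies Cisco's first-match wildcard semantics to the address from the subject line, and reports which wildcards are not a plain CIDR prefix. The names `ACL_EXCERPT`, `parse_acl`, `entry_matches`, `first_match`, `as_prefix` and `audit` are made up for this sketch.

```python
import ipaddress

# Added example, helper names illustrative. Entries copied from the post, counters removed.
ACL_EXCERPT = """\
deny ip 68.0.0.0 3.255.255.255 any
deny ip 72.0.0.0 7.255.255.255 any
deny ip 112.0.0.0 8.255.255.255 any
deny ip 120.0.0.0 3.255.255.255 any
deny ip 169.254.0.0 0.0.255.255 any
"""

def parse_acl(text):
    """Return (base, wildcard, line) for each 'deny ip <base> <wildcard> any' line."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 5 and fields[:2] == ["deny", "ip"]:
            base = int(ipaddress.IPv4Address(fields[2]))
            wildcard = int(ipaddress.IPv4Address(fields[3]))
            entries.append((base, wildcard, line.strip()))
    return entries

def entry_matches(base, wildcard, addr):
    """Cisco wildcard semantics: bits set in the wildcard are not compared."""
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) ^ base) & care == 0

def first_match(entries, addr):
    """Line of the first entry that matches addr, or None (ACLs are first-match)."""
    for base, wildcard, line in entries:
        if entry_matches(base, wildcard, addr):
            return line
    return None

def as_prefix(base, wildcard):
    """CIDR string for a wildcard of the form 0..01..1, else None."""
    if wildcard & (wildcard + 1):
        return None
    network = base & ~wildcard & 0xFFFFFFFF
    return str(ipaddress.ip_network((network, 32 - wildcard.bit_length())))

def audit(entries):
    """Map each ACL line to its CIDR prefix, or None if the wildcard is non-contiguous."""
    return {line: as_prefix(base, wildcard) for base, wildcard, line in entries}

if __name__ == "__main__":
    entries = parse_acl(ACL_EXCERPT)
    print("70.255.224.194 ->", first_match(entries, "70.255.224.194"))
    for line, prefix in audit(entries).items():
        print(f"{prefix or 'non-contiguous':>16}  {line}")
```

Run against the excerpt, 70.255.224.194 hits the `68.0.0.0 3.255.255.255` entry, and `112.0.0.0 8.255.255.255` is reported as non-contiguous because that wildcard matches only 112.x.x.x and 120.x.x.x. The ACL reflects address assignments as of the post's date in 2000; most of these /8 blocks have since been allocated, so it is not a current bogon list.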

