Security Incidents mailing list archives
Weird UDP packets
From: damian () ITACTICS COM (Damian Gerow)
Date: Mon, 6 Mar 2000 15:55:13 -0500
I've been watching my firewall logs, and in the past week something has cropped up. The firewall (all packets _do_ have a destination of the firewall) is a filtering, forwarding firewall protecting both Linux and NT servers. It does not run Samba, only SSH. The weird part of it is that packets are coming from port 137 and going to port 137, and always three packets from a different source each time. Can anyone help me with this one?

Mar 3 04:57:42 pwfw kernel: Packet log: unserved DENY eth0 PROTO=UDP 24.161.140.236:137 xxx.xxx.xxx.xxx:137 L=78:58 S=0x00 I=3411 T=112
Mar 3 04:57:43 pwfw kernel: Packet log: unserved DENY eth0 PROTO=UDP 24.161.140.236:137 xxx.xxx.xxx.xxx:137 L=78:58 S=0x00 I=3667 T=112
Mar 3 04:57:45 pwfw kernel: Packet log: unserved DENY eth0 PROTO=UDP 24.161.140.236:137 xxx.xxx.xxx.xxx:137 L=78:58 S=0x00 I=4179 T=112
Mar 4 00:15:42 pwfw kernel: Packet log: unserved DENY eth0 PROTO=UDP 209.184.120.232:137 xxx.xxx.xxx.xxx:137 L=78:58 S=0x00 I=47942 T=110
Mar 4 00:15:43 pwfw kernel: Packet log: unserved DENY eth0 PROTO=UDP 209.184.120.232:137 xxx.xxx.xxx.xxx:137 L=78:58 S=0x00 I=48198 T=110
Mar 4 00:15:45 pwfw kernel: Packet log: unserved DENY eth0 PROTO=UDP 209.184.120.232:137 xxx.xxx.xxx.xxx:137 L=78:58 S=0x00 I=48454 T=110
Mar 4 13:40:06 pwfw kernel: Packet log: unserved DENY eth0 PROTO=UDP 209.99.67.16:137 xxx.xxx.xxx.xxx:137 L=78:58 S=0x00 I=28395 T=112
Mar 4 13:40:07 pwfw kernel: Packet log: unserved DENY eth0 PROTO=UDP 209.99.67.16:137 xxx.xxx.xxx.xxx:137 L=78:58 S=0x00 I=28651 T=112
Mar 4 13:40:09 pwfw kernel: Packet log: unserved DENY eth0 PROTO=UDP 209.99.67.16:137 xxx.xxx.xxx.xxx:137 L=78:58 S=0x00 I=28907 T=112
Mar 5 20:51:03 pwfw kernel: Packet log: unserved DENY eth0 PROTO=UDP 150.100.100.11:137 xxx.xxx.xxx.xxx:137 L=78:58 S=0x00 I=51733 T=122
Mar 5 20:51:04 pwfw kernel: Packet log: unserved DENY eth0 PROTO=UDP 150.100.100.11:137 xxx.xxx.xxx.xxx:137 L=78:58 S=0x00 I=59925 T=122
Mar 5 20:51:06 pwfw kernel: Packet log: unserved DENY eth0 PROTO=UDP 150.100.100.11:137 xxx.xxx.xxx.xxx:137 L=78:58 S=0x00 I=790 T=122
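
Added example, not part of the original post: a Python script that parses "Packet log:" lines in the format quoted above and groups them into per-source bursts, so the pattern the post describes (three packets per source, port 137 to port 137) can be confirmed across a whole log file. The regular expression is inferred only from the quoted lines; the year, the function names and the 192.0.2.10 line are assumptions or constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

YEAR = 2000  # assumption: syslog omits the year; taken from the post's Date header
PFX = "pwfw kernel: Packet log: unserved DENY eth0 PROTO=UDP"
DST = "xxx.xxx.xxx.xxx:137 L=78:58 S=0x00"
SAMPLE = [  # six lines copied from the post, then one constructed line for contrast
    f"Mar 3 04:57:42 {PFX} 24.161.140.236:137 {DST} I=3411 T=112",
    f"Mar 3 04:57:43 {PFX} 24.161.140.236:137 {DST} I=3667 T=112",
    f"Mar 3 04:57:45 {PFX} 24.161.140.236:137 {DST} I=4179 T=112",
    f"Mar 5 20:51:03 {PFX} 150.100.100.11:137 {DST} I=51733 T=122",
    f"Mar 5 20:51:04 {PFX} 150.100.100.11:137 {DST} I=59925 T=122",
    f"Mar 5 20:51:06 {PFX} 150.100.100.11:137 {DST} I=790 T=122",
    f"Mar 5 21:00:00 {PFX} 192.0.2.10:1025 {DST} I=100 T=64",  # constructed
]
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ kernel: Packet log: \S+ (?P<action>\S+) \S+ "
    r"PROTO=(?P<proto>\w+) (?P<src>[\d.]+):(?P<sport>\d+) \S+:(?P<dport>\d+) "
    r".*\bT=(?P<ttl>\d+)")

def parse(line):
    """Return the fields of one 'Packet log:' line, or None if it does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    when = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {**m.groupdict(), "time": when}

def bursts(lines, gap=timedelta(seconds=10)):
    """Group packets by (src, sport, dport); a pause longer than gap starts a new burst."""
    groups = defaultdict(list)
    for p in filter(None, map(parse, lines)):
        groups[(p["src"], int(p["sport"]), int(p["dport"]))].append(p)
    out = []
    for (src, sport, dport), pkts in groups.items():
        pkts.sort(key=lambda p: p["time"])
        runs = [[pkts[0]]]
        for p in pkts[1:]:
            if p["time"] - runs[-1][-1]["time"] > gap:
                runs.append([])
            runs[-1].append(p)
        out += [{"src": src, "sport": sport, "dport": dport, "count": len(r),
                 "span_s": int((r[-1]["time"] - r[0]["time"]).total_seconds()),
                 "ttls": sorted({int(p["ttl"]) for p in r})} for r in runs]
    return out

def triples_137(rows):  # the post's pattern: exactly three packets, 137 -> 137
    return [r for r in rows if r["sport"] == r["dport"] == 137 and r["count"] == 3]
```

Passing the lines of a real log file to `bursts()` and then `triples_137()` lists every source that matches the pattern, along with the time span and TTL values seen in each burst.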