Security Incidents mailing list archives
udp traffic to port 137
From: tobi () UNDERSCORE DE (tobias wigand)
Date: Fri, 19 May 2000 11:16:59 +0200
hello all! our firewall rejects this kind of traffic dayly along with with some normal netbios traffic from port 137 to port 137. i first thought of a misconfiguration of the firewall as all netbios ports should be filtered. but my packet sniffer showed up that no packets are leaving our lan. does anyone know under which circumstances some machine would produce such traffic? are these portscans or just normal netbios connection attempts? fw kernel: Packet log: input REJECT eth0 PROTO=17 209.176.2.71:21 xxx.xxx.xxx.xxx:137 L=78 S=0x00 I=57649 F=0x0000 T=106 (#104) fw kernel: Packet log: input REJECT eth0 PROTO=17 209.176.2.71:21 xxx.xxx.xxx.xxx:137 L=78 S=0x00 I=10546 F=0x0000 T=106 (#104) fw kernel: Packet log: input REJECT eth0 PROTO=17 209.176.2.71:21 xxx.xxx.xxx.xxx:137 L=78 S=0x00 I=18482 F=0x0000 T=106 (#104) fw kernel: Packet log: input REJECT eth0 PROTO=17 208.178.128.145:16458 xxx.xxx.xxx.xxx:137 L=78 S=0x00 I=19955 F=0x0000 T=107 (#104) fw kernel: Packet log: input REJECT eth0 PROTO=17 208.178.128.145:16458 xxx.xxx.xxx.xxx:137 L=78 S=0x00 I=23539 F=0x0000 T=106 (#104) fw kernel: Packet log: input REJECT eth0 PROTO=17 208.178.128.145:16458 xxx.xxx.xxx.xxx:137 L=78 S=0x00 I=26355 F=0x0000 T=106 (#104) fw kernel: Packet log: input REJECT eth0 PROTO=17 128.177.244.100:463 xxx.xxx.xxx.xxx:137 L=78 S=0x00 I=4611 F=0x0000 T=108 (#104) fw kernel: Packet log: input REJECT eth0 PROTO=17 128.177.244.100:463 xxx.xxx.xxx.xxx:137 L=78 S=0x00 I=13317 F=0x0000 T=108 (#104) fw kernel: Packet log: input REJECT eth0 PROTO=17 128.177.244.100:463 xxx.xxx.xxx.xxx:137 L=78 S=0x00 I=29703 F=0x0000 T=108 (#104) fw kernel: Packet log: input REJECT eth0 PROTO=17 128.177.244.100:221 xxx.xxx.xxx.xxx:137 L=78 S=0x00 I=1273 F=0x0000 T=108 (#104) fw kernel: Packet log: input REJECT eth0 PROTO=17 128.177.244.100:221 xxx.xxx.xxx.xxx:137 L=78 S=0x00 I=25851 F=0x0000 T=108 (#104) fw kernel: Packet log: input REJECT eth0 PROTO=17 128.177.244.100:221 xxx.xxx.xxx.xxx:137 L=78 S=0x00 I=37373 F=0x0000 T=108 (#104) thanks for your help tobias
Current thread:
- udp traffic to port 137 tobias wigand (May 19)
- network.exe -- was -- Re: udp traffic to port 137 Walt (May 20)
- Hmmm... named again. Bugtraq List (May 22)
- Slow scan Jens Hektor (May 22)
- Re: Slow scan, the rest of the story Jens Hektor (May 24)
- Re: udp traffic to port 137 Robert Saraceno, Jr. (May 22)