Re: Anonymous LogOff and UDP Out Connections
From: GSimmonds (gsimmonds_at_primus.ca)
Date: 09/10/03
- Previous message: James Fields: "Re: how to sniffer the packages from one computer to another?"
- In reply to: Mark Sargent: "Anonymous LogOff and UDP Out Connections"
To: "Security-Basics@Securityfocus. Com" <security-basics@securityfocus.com>
Date: Tue, 9 Sep 2003 20:12:55 -0400
----- Original Message -----
From: "Mark Sargent" <powderkeg@snow.email.ne.jp>
To: "Security-Basics@Securityfocus. Com" <security-basics@securityfocus.com>
Sent: Tuesday, September 09, 2003 1:14 AM
Subject: Anonymous LogOff and UDP Out Connections
> Hi All,
>
> When activating the LAN, I notice numerous UDP packet attempts to a number
> of different IPs,
> on the Host machine. All attempts are from the localhost on port 137 to
> owner;system on 137. What are these attempts?
It looks like NetBIOS name resolution. From your previous post, I'm assuming
that your Host is multihomed. There's an article you may be interested in
about unbinding NetBIOS from your external NIC.
http://www.practicallynetworked.com/sharing/securnet.htm
> Also, I'm seeing numerous
> LogOff alerts in Security Event Viewer.
I have no experience in this matter but these might help...
www.eventid.net
http://www.eventlogscan.com/
> I'm also getting a lot of attempts from the Client, 192.168.0.2 to connect
> to port localhost on port 53, UDP(there is no owner). What is all of
> this..?
> I'm stealthed according to the security checks here on this site and
> grc.com. Any help appreciated. Cheers.
>
> OS = Win2kPro(both Host(192.168.0.1) and Client(192.168.0.2))
> Firewall = Kerio
> Connection = ISDN
Were you able to sort out your Client accessing web sites? It looks like
your Client is attempting DNS lookups. You might also see Dest.
Unreachables since it isn't getting a response.
Now my experience with ICS is theoretical, but I plan on setting one up soon
and I use Kerio. A few things you could check...
Have you configured the MS Networking tab in Administration?
Does IE on the client know where the gateway is?
Have you written a rule to allow TCP and UDP traffic to and from your
client?
Let me know how it goes.
Regards
Gary