port 137
From: Macbrush (macbrush@carriver.com)Date: 06/09/02
- Next message: Macbrush: "Script for removing blocked IP in a list"
- Previous message: charadeur: "Re: think I may have been rootkitted"
- Next in thread: steve harris: "Re: port 137"
- Reply: steve harris: "Re: port 137"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Macbrush" <macbrush@carriver.com> Date: Sun, 9 Jun 2002 16:39:44 +0800
Recently, I have put together a box doing firewall for the server I am
running at home for a non-profit organization. The box itself has no open
service at all, console is the only access. But I have set up a couple of
traps on certain ports, so any access to those ports anywhere in the network
will get DNAT to the firewall itself and portsentry is there waiting. It
works great, catch many people trying the old imap trick, testing telnet
etc.... However, since I've started to trap port 137 about a week ago, I get
at least 3 caughts daily, this is a lot more higher than what I usually get
from other ports combined. So I am beginning to worry about that I am
catching innocent people, maybe a bug or bad setting in some Windows
machines? Any experience or comments about this? Any advice would be very
much appreciated.
Thank you very much in advance.
Cheerio
Kenneth
- Next message: Macbrush: "Script for removing blocked IP in a list"
- Previous message: charadeur: "Re: think I may have been rootkitted"
- Next in thread: steve harris: "Re: port 137"
- Reply: steve harris: "Re: port 137"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
