port 137

From: Macbrush (macbrush@carriver.com)
Date: 06/09/02


From: "Macbrush" <macbrush@carriver.com>
Date: Sun, 9 Jun 2002 16:39:44 +0800

Recently, I have put together a box doing firewall for the server I am
running at home for a non-profit organization. The box itself has no open
service at all, console is the only access. But I have set up a couple of
traps on certain ports, so any access to those ports anywhere in the network
will get DNAT to the firewall itself and portsentry is there waiting. It
works great, catch many people trying the old imap trick, testing telnet
etc.... However, since I've started to trap port 137 about a week ago, I get
at least 3 caughts daily, this is a lot more higher than what I usually get
from other ports combined. So I am beginning to worry about that I am
catching innocent people, maybe a bug or bad setting in some Windows
machines? Any experience or comments about this? Any advice would be very
much appreciated.

Thank you very much in advance.

Cheerio
Kenneth



Relevant Pages

  • Re: Root exploit for FreeBSD
    ... for two ports to my FreeBSD portscluster nodes. ... and it gives the firewall ... US this is also quite common, at least with regards to University ... if your computer is going to connect on our network it must be configured in certain ways and behave "normally" or you won't get a connection. ...
    (freebsd-questions)
  • Re: Root exploit for FreeBSD
    ... for two ports to my FreeBSD portscluster nodes. ... and it gives the firewall ... US this is also quite common, at least with regards to University ... if your computer is going to connect on our network it must be configured in certain ways and behave "normally" or you won't get a connection. ...
    (freebsd-current)
  • Re: Trouble accessing Outlook Web Access from behind firewall
    ... When starting the firewall I also set ... > rejected and dropped packets are logged, however I see nothing in my log ... > # Higher ports needed to accept incoming/outgoing calls ...
    (comp.security.firewalls)
  • Re: iptables configuration
    ... >> that if a 'virus/trojan' initiated a connection to the net, the firewall ... >> would not protect the LAN. ... The LAN is NATed with private IPs to one public IP. ... the ports that are used by services running on linux. ...
    (comp.os.linux.security)
  • Re: Norton Personal Firewall 2003
    ... |> First thing I would do is put the GRC test site into the Exclusions ... | ports they will not get the same result being in my blocklist, ... the firewall checks unsolicited inbound communications attempts. ...
    (comp.security.firewalls)