Re: port 137
From: steve harris (steveharris1@hotmail.com) Date: 06/09/02
From: steve harris <steveharris1@hotmail.com> Date: Sun, 09 Jun 2002 07:53:05 -0500
Macbrush wrote:
> Recently, I have put together a box doing firewall for the server I am
> running at home for a non-profit organization. The box itself has no open
> service at all, console is the only access. But I have set up a couple of
> traps on certain ports, so any access to those ports anywhere in the
> network will get DNAT to the firewall itself and portsentry is there
> waiting. It works great, catching many people trying the old imap trick,
> testing telnet, etc. However, since I started to trap port 137 about
> a week ago, I get at least 3 catches daily; this is a lot higher than
> what I usually get from other ports combined. So I am beginning to worry
> that I am catching innocent people, maybe a bug or bad setting in
> some Windows machines? Any experience or comments about this? Any advice
> would be very much appreciated.
>
> Thank you very much in advance.
>
> Cheerio
> Kenneth
Kenneth,
My experience has been to ignore them. Most of my 137 drops are from users
on my same ISP. Probably Windows computers with file sharing turned on.
Steve
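
Added example, not part of the original thread: one way to check whether port 137 trap hits come mostly from neighbours on the same ISP, and to separate them from sources that also touched other trapped ports. It assumes the firewall logs trapped packets with the iptables LOG target; the `TRAP` prefix, the ISP range, the addresses and the sample lines are all constructed.

```python
import ipaddress
import re

# Constructed sample lines in the iptables LOG target's format (not real traffic).
SAMPLE_LOG = """\
Jun  9 07:01:12 fw kernel: TRAP IN=eth0 OUT= SRC=198.51.100.23 DST=203.0.113.5 LEN=78 PROTO=UDP SPT=137 DPT=137 LEN=58
Jun  9 07:14:40 fw kernel: TRAP IN=eth0 OUT= SRC=198.51.100.77 DST=203.0.113.5 LEN=78 PROTO=UDP SPT=137 DPT=137 LEN=58
Jun  9 08:02:03 fw kernel: TRAP IN=eth0 OUT= SRC=192.0.2.14 DST=203.0.113.5 LEN=78 PROTO=UDP SPT=1029 DPT=137 LEN=58
Jun  9 08:30:55 fw kernel: TRAP IN=eth0 OUT= SRC=192.0.2.14 DST=203.0.113.5 LEN=60 PROTO=TCP SPT=4411 DPT=143 WINDOW=5840 SYN
Jun  9 09:11:20 fw kernel: TRAP IN=eth0 OUT= SRC=198.51.100.23 DST=203.0.113.5 LEN=78 PROTO=UDP SPT=137 DPT=137 LEN=58
"""

FIELD = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")
# Assumption: replace with the address range(s) your own ISP hands out.
ISP_NETS = [ipaddress.ip_network("198.51.100.0/24")]


def parse(log):
    """Yield (src, proto, dport) for each line that carries all three fields."""
    for line in log.splitlines():
        f = dict(FIELD.findall(line))
        if {"SRC", "PROTO", "DPT"} <= f.keys():
            yield ipaddress.ip_address(f["SRC"]), f["PROTO"], int(f["DPT"])


def triage_137(log, isp_nets=ISP_NETS):
    """Group sources that hit UDP/137 by how much they look like stray Windows traffic."""
    ports_by_src = {}
    for src, proto, dport in parse(log):
        ports_by_src.setdefault(src, set()).add((proto, dport))

    report = {"same_isp_only_137": [], "elsewhere_only_137": [], "hit_other_traps": []}
    for src, ports in sorted(ports_by_src.items()):
        if ("UDP", 137) not in ports:
            continue  # never touched the NetBIOS name service trap
        if len(ports) > 1:
            key = "hit_other_traps"        # also probed another trapped port
        elif any(src in net for net in isp_nets):
            key = "same_isp_only_137"      # neighbour, name-service traffic only
        else:
            key = "elsewhere_only_137"
        report[key].append(str(src))
    return report


if __name__ == "__main__":
    for bucket, sources in triage_137(SAMPLE_LOG).items():
        print(f"{bucket}: {', '.join(sources) or '-'}")
```

Sources that land in `same_isp_only_137` are candidates for a drop-without-blocking rule, while those in `hit_other_traps` can stay subject to the portsentry response.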