Re: port 137

From: steve harris (steveharris1@hotmail.com)
Date: 06/09/02


From: steve harris <steveharris1@hotmail.com>
Date: Sun, 09 Jun 2002 07:53:05 -0500

Macbrush wrote:

> Recently, I have put together a box doing firewall for the server I am
> running at home for a non-profit organization. The box itself has no open
> service at all, console is the only access. But I have set up a couple of
> traps on certain ports, so any access to those ports anywhere in the
> network will get DNAT to the firewall itself and portsentry is there
> waiting. It works great, catching many people trying the old imap trick,
> testing telnet, etc. However, since I started to trap port 137 about
> a week ago, I get at least 3 catches daily; this is a lot higher than
> what I usually get from other ports combined. So I am beginning to worry
> that I am catching innocent people, maybe a bug or bad setting in
> some Windows machines? Any experience or comments about this? Any advice
> would be very much appreciated.
>
> Thank you very much in advance.
>
> Cheerio
> Kenneth

Kenneth,
My experience has been to ignore them. Most of my 137 drops are from users
on my same ISP. Probably Windows computers with file sharing turned on.

Steve
