Re: Hacked?
From: Walter Roberson (roberson@ibd.nrc.ca)Date: 04/03/02
- Next message: chris@nospam.com: "Re: Choosing secure passwords - Feedback solicited"
- Previous message: chris@nospam.com: "Re: Hacked?"
- In reply to: William Hu: "Hacked?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: roberson@ibd.nrc.ca (Walter Roberson) Date: 3 Apr 2002 02:32:55 GMT
In article <b7151986.0204021559.1e679f71@posting.google.com>,
William Hu <williamh@bsnsw.org.au> wrote:
:Recently while checking my firewall log, I found that some of my NT
:servers were connected through the firewall by udp port 137
:(NetBios-ns).
:The firewall is/has been configured to deny any thing start from
:outside and those servers have nothing to do with outside, so why they
:are connected?
:I then monitored the activeties for a while and noticed that my
:servers were starting connections at udp port 137 from time to time!!
:I then scanned all files on the server with McAffee (Virus definition
:4.0.4194, Scan engine 4.1.60) and found nothing.
:Had anyone know any thing about this upd port 137, please help!
UDP port 137 is NETBIOS Nameservice (netbios-ns)
In default Windows configurations, netbios-ns is one of the
mechanisms that Windows attempts to use to look up information
about particular IP addresses -- much like reverse DNS except
returning the host NETBIOS name instead of the DNS name.
In more modern Windows, there is a way to control the resolution
order. [Sorry, I do not know the mechanism off-hand.]
- Next message: chris@nospam.com: "Re: Choosing secure passwords - Feedback solicited"
- Previous message: chris@nospam.com: "Re: Hacked?"
- In reply to: William Hu: "Hacked?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
