[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Port 137 Scans

Subject: Re: [cobalt-users] Port 137 Scans
From: shimi <shimi@xxxxxxxxxxxxxxxx>
Date: Tue Apr 24 08:51:06 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

On Mon, 23 Apr 2001, Wayne Sagar wrote:

> Anybody seen this "guy" trying them on 137?
> 
> Active System Attack Alerts
> =-=-=-=-=-=-=-=-=-=-=-=-=-=
> Apr 23 07:16:24 www portsentry[527]: attackalert: Connect from host:
> ws56171.ocar.army.pentagon.mil/134.11.56.171 to UDP port: 137
> Apr 23 07:16:24 www portsentry[527]: attackalert: Host 134.11.56.171 has
> been blocked via wrappers with string: "ALL: 134.11.56.171"
> 
> Same host has hit me on at least three different ip's... sort of a strange
> host dont'cha'think?

Basically it's a windoze looking around to see network neighbours to it's
"network neighbourhood"...

how he got to your IPs? no idea, perhaps misconfigured...

anyhow, it's the netbios name service, and you shouldn't be worried.

of course, you could have known it yourself:

[shimi@shimi shimi]$ cat /etc/services | grep 137
netbios-ns      137/tcp                         # NETBIOS Name Service
netbios-ns      137/udp    

> 
> Wayne
> 

- shimi.

Follow-Ups:
- Re: [cobalt-users] Port 137 Scans
  - From: Charles Williams \(CEO\)

References:
- [cobalt-users] Port 137 Scans
  - From: Wayne Sagar

Prev by Date: Re: [cobalt-users] Webmin Install
Next by Date: Re: [cobalt-users] Port 137 Scans
Previous by thread: [cobalt-users] Port 137 Scans
Next by thread: Re: [cobalt-users] Port 137 Scans

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index