Re: [cobalt-users] Port 137 Scans
- Subject: Re: [cobalt-users] Port 137 Scans
- From: shimi <shimi@xxxxxxxxxxxxxxxx>
- Date: Tue Apr 24 14:18:04 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
On Tue, 24 Apr 2001, Wayne Sagar wrote:
> At 04:41 PM 4/24/01 -0700, you wrote:
>
> >Basically it's a windoze looking around to see network neighbours to its
> >"network neighbourhood"...
>
> http://www.sans.org/newlook/resources/IDFAQ/port_137.htm It seems there is
> a windoze virus that infects those machines and then sets about looking for
> other machines to infect... So then, this does not concern us on our linux
> boxes? Is it ok to tell portsentry to ignore port 137? I get an awful lot
> of scans on that port daily... I'm not sure I've ever gotten a definitive
> answer as to whether or not there is a vulnerability there and/or if
> ignoring that port is safe or advised?
as I said.. it's windoze stuff. unless you run samba (which enables
sharing with windoze machines) - you have nothing to do with that port.
also I believe that if it's true about a virus, as I've posted earlier, a
program which was compiled on one OS usually won't work on another - that
includes viruses - viruses ARE programs.
>
> >how he got to your IPs? no idea, perhaps misconfigured...
> >anyhow, it's the netbios name service, and you shouldn't be worried.
>
> If above link is on target, then likely, he and many of the other
> "innocent" machines hitting me on port 137 are infected with the network.vbs
> worm..
>
> >of course, you could have known it yourself:
> >[shimi@shimi shimi]$ cat /etc/services | grep 137
> >netbios-ns 137/tcp # NETBIOS Name Service
> >netbios-ns 137/udp
>
> I'm not quite sure how to interpret the above... Are we running NETBIOS
> services on the RaQ's? Do we need to worry about the network.vbs worm or
> can we "unguard" port 137 safely and just let in the machines who are
> attempting to connect via that port?
u can discard all packets coming to p. 137 safely.
we don't run netbios services - because we don't run samba.
anyhow, the /etc/services file is documentation at its best :)
> TIA
> Wayne
- shimi.
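
Added example, not part of shimi's message: /etc/services only maps service names to port numbers, so one way to confirm that nothing on the box is actually bound to port 137 is to read the kernel's socket tables. The function name bound_on_port and the sample rows are made up for illustration; the /proc/net layout assumed is Linux on a little-endian (x86) host, IPv4 only.

```sh
# Added example, not from the thread. Assumes Linux /proc/net/{tcp,udp} layout (IPv4 only).
# bound_on_port tcp|udp PORT  -- reads /proc/net/PROTO-style text on stdin,
# prints each local IPv4 socket bound to PORT; exit status 0 if any, 1 if none.
bound_on_port() {
    case $1 in
        tcp) want=0A ;;   # st 0A = LISTEN
        udp) want=07 ;;   # st 07 = unconnected UDP socket waiting for datagrams
        *)   echo "usage: bound_on_port tcp|udp PORT" >&2; return 2 ;;
    esac
    awk -v proto="$1" -v port="$2" -v want="$want" '
        function hex(s,   i, n) {            # hex string -> number, portable awk
            n = 0
            for (i = 1; i <= length(s); i++)
                n = n * 16 + index("0123456789ABCDEF", substr(s, i, 1)) - 1
            return n
        }
        $2 ~ /^[0-9A-Fa-f]+:[0-9A-Fa-f]+$/ {   # skips the header row
            split(toupper($2), a, ":")
            if (length(a[1]) != 8 || hex(a[2]) != port + 0 || toupper($4) != want) next
            # On x86 the kernel prints the IPv4 address byte-reversed: 0100007F is 127.0.0.1
            printf "%s %d.%d.%d.%d:%d\n", proto, hex(substr(a[1], 7, 2)),
                hex(substr(a[1], 5, 2)), hex(substr(a[1], 3, 2)), hex(substr(a[1], 1, 2)), port
            found = 1
        }
        END { exit !found }
    '
}

# Constructed sample in /proc/net/udp format: a socket on 0.0.0.0:137 and one on 127.0.0.1:53.
sample_udp() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
 101: 00000000:0089 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 12345
 102: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 12346
EOF
}

# Check the live host when /proc/net is readable.
for p in tcp udp; do
    if [ -r "/proc/net/$p" ]; then
        bound_on_port "$p" 137 < "/proc/net/$p" || echo "$p/137: nothing bound"
    fi
done
```

If both lines report nothing bound, no local service is answering on 137 and dropping or ignoring traffic to that port removes nothing the host was offering.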