[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Port 137 Scans
- Subject: Re: [cobalt-users] Port 137 Scans
- From: "Charles Williams \(CEO\)" <hosting.mailing.list.account@xxxxxxxxxxxxxxx>
- Date: Tue Apr 24 15:23:56 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
unless he's looking for open shares.
chuck
----- Original Message -----
From: "shimi" <shimi@xxxxxxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Wednesday, April 25, 2001 1:41 AM
Subject: Re: [cobalt-users] Port 137 Scans
>
> On Mon, 23 Apr 2001, Wayne Sagar wrote:
>
> > Anybody seen this "guy" trying them on 137?
> >
> > Active System Attack Alerts
> > =-=-=-=-=-=-=-=-=-=-=-=-=-=
> > Apr 23 07:16:24 www portsentry[527]: attackalert: Connect from host:
> > ws56171.ocar.army.pentagon.mil/134.11.56.171 to UDP port: 137
> > Apr 23 07:16:24 www portsentry[527]: attackalert: Host 134.11.56.171 has
> > been blocked via wrappers with string: "ALL: 134.11.56.171"
> >
> > Same host has hit me on at least three different ip's... sort of a
strange
> > host dont'cha'think?
>
> Basically it's a windoze looking around to see network neighbours to it's
> "network neighbourhood"...
>
> how he got to your IPs? no idea, perhaps misconfigured...
>
> anyhow, it's the netbios name service, and you shouldn't be worried.
>
> of course, you could have known it yourself:
>
> [shimi@shimi shimi]$ cat /etc/services | grep 137
> netbios-ns 137/tcp # NETBIOS Name Service
> netbios-ns 137/udp
>
> >
> > Wayne
> >
>
> - shimi.
>
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To Subscribe or Unsubscribe, please go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>