Re: [cobalt-users] Port 137 Scans
- Subject: Re: [cobalt-users] Port 137 Scans
- From: Wayne Sagar <wsagar@xxxxxxxx>
- Date: Tue Apr 24 15:52:47 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
At 09:39 PM 4/24/01 -0700, you wrote:
>137 is for Windows File Sharing - firewall it out, or just let
>portsentry block it.
It's blocked by portsentry, I just get a lot of entries into the hosts.deny
file from all the connect attempts through it... Will firewall it out asap..
>There's really no reason for a Windows box to be trying file sharing
>with a Cobalt RaQ...
My best guess is that the vbs worm has a fair batch of dsl and cable home
systems compromised, has replicated and is "looking" for any open port
137... Many of the IPs getting blocked are on, what look to be, innocent
cable and dsl systems. At least they are only getting blocked udp and not
tcp.. I'm assuming those people can still access the main pages of the
website... though I'm not sure. I wonder if what is happening is *if* the
host boxes I see trying to connect are visitors to my main site, which has
a fair amount of visitation... when they connect to the site.. again, if
they carry the vbs worm on their systems.. maybe it just makes that attempt
then.
I'll just ignore the warnings and maybe flush my hosts.deny once in a
while... I hate to though, some of them NEED to be denied!
Thanks!
Wayne