Security Basics mailing list archives
Anonymous LogOff and UDP Out Connections
From: "Mark Sargent" <powderkeg () snow email ne jp>
Date: Tue, 9 Sep 2003 14:14:28 +0900
Hi All, When activating the LAN, I notice numerous UDP packet attempts to a number of different IPs, 61.111.253.229 61.111.93.64 61.111.31.214 on the Host machine. All attempts are from the localhost on port 137 to owner;stystem on 137. What are thse attempts. Also, I'm seeing numerous LogOff alerts in Security Event Viewer. User Logoff: User Name: ANONYMOUS LOGON Domain: NT AUTHORITY Logon ID: (0x0,0xBC852) Logon Type: 3 User Logoff: User Name: ANONYMOUS LOGON Domain: NT AUTHORITY Logon ID: (0x0,0xB9BB8) Logon Type: 3 User Logoff: User Name: ANONYMOUS LOGON Domain: NT AUTHORITY Logon ID: (0x0,0xB1C26) Logon Type: 3 16 in the past 2-3hrs. I'm also getting a lot of attempts from the Client, 192.168.0.2 to connect to port localhost on port 53, UDP(there is no owner). What is all of this..? I'm stealthed according to the security checks here on this site and grc.com. Any help appreciated. Cheers. OS = Win2kPro(both Host(192.168.0.1) and Client(192.168.0.2)) Firewall = Kerio Connection = ISDN --------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ----------------------------------------------------------------------------
Current thread:
- Anonymous LogOff and UDP Out Connections Mark Sargent (Sep 09)
- RE: Anonymous LogOff and UDP Out Connections Joey Peloquin (Sep 09)
- RE: Anonymous LogOff and UDP Out Connections Mark Sargent (Sep 09)
- Re: Anonymous LogOff and UDP Out Connections GSimmonds (Sep 10)
- RE: Anonymous LogOff and UDP Out Connections Joey Peloquin (Sep 09)