Firewall Wizards mailing list archives
Re: UDP port 137
From: "John Kozubik" <john_kozubik_dc () hotmail com>
Date: Sat, 30 Jan 1999 18:41:46 PST
First off, whenever scans are taking place, you should be concerned - period. This is because it is impossible for you to determine whether the scans are acceidental, the work of children, or precursors to more sophisticated attacks. That said, UDP port 137 will only be a serious issue for you if you run Windows machines and do not block traffic on UDP/TCP 135 - 139. This is an issue because Microsoft encapsulates netbios information within TCP/Ip using these ports. It is trivial for an attacker to issue the following command: nbtstat -A (your Ip address) from their windows machine and collect information about your windows machine (if you are not blocking this traffic at your borders). Further, the command: net view \\IP will show shares available on your windows machine. Finally, the use of the 'net use' commands can map drives across the internet to your computer (if you do not password protect your shares) or brute force your password to these shares (if you do). I would not be too worried though. If you are clueful enough to have a utility that has alerted you to this, but do not know the significance of UDP 137, it is probably because you are a non-windows shop. If, for some reason you do support windows, just make sure that you block traffic (both UDP and TCP) to the ports I mentioned above. And keep your eyes peeled - it's probably just kids looking for a place to install back orifice, but then again, it could be a well-funded hostile government attempting to pillage your corporate data :) kozubik - John Kozubik - john_kozubik () hotmail com PGP DSS: 0EB8 4D07 D4D5 0C28 63FE AD87 520F 57BE 850B E4C4 ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com
Current thread:
- Re: UDP port 137 Bret McDanel (Feb 01)
- <Possible follow-ups>
- Re: UDP port 137 David Gillett (Feb 01)
- Re: UDP port 137 John Kozubik (Feb 01)
- RE: UDP port 137 Chris Tobkin (Feb 01)
- RE: UDP port 137 Gibson, Brian (Feb 02)
- Re: UDP Port 137 Randy Witlicki (Feb 03)