Security Incidents mailing list archives
UDP port 137 packets sent to 70.255.224.194
From: Felipe Alfaro <felipe_alfaro () EMAIL COM>
Date: Tue, 29 Aug 2000 11:19:12 -0000
Hello, I have configured our Cisco 801 router to block all incoming/outgoing NetBIOS traffic (TCP/UPD ports 137-139). I have set an specific filter for this and I have enabled logging. Today, I have been looking at the logs and I see several UDP packets (port 137) caught by the router which were targeted at 70.255.224.194 host. I have been searching WhoIs from NetworkSolutions and Arin but I have been unable to identify the target. Of course, this is an unexpected target of NetBIOS traffic from within our network. I am a little new to intrussion detection, trojan horses and security, so I would like some advice referring to this issue. Please, feel free to contact me here or, preferably, by e- amil at the following address: falfaro () cofiber es. Thank you very much, Felipe Alfaro
Current thread:
- UDP port 137 packets sent to 70.255.224.194 Felipe Alfaro (Aug 29)
- Re: UDP port 137 packets sent to 70.255.224.194 Paul L Schmehl (Aug 30)
- Re: UDP port 137 packets sent to 70.255.224.194 (and to other hosts/nets as well) Pavel Lozhkin (Aug 30)
- Re: UDP port 137 packets sent to 70.255.224.194 (and to other hosts/nets as well) Daniel S. Riley (Aug 31)
- Re: UDP port 137 packets sent to 70.255.224.194 (and to other hosts/nets as well) Pavel Lozhkin (Aug 31)
- Re: UDP port 137 packets sent to 70.255.224.194 (and to other hosts/nets as well) Daniel S. Riley (Aug 31)
- Re: UDP port 137 packets sent to 70.255.224.194 Jens Hektor (Aug 30)