Security Incidents mailing list archives
UDP port 137 packets sent to 70.255.224.194
From: Felipe Alfaro <felipe_alfaro () EMAIL COM>
Date: Tue, 29 Aug 2000 11:19:12 -0000
Hello,
I have configured our Cisco 801 router to block all
incoming/outgoing NetBIOS traffic (TCP/UPD ports 137-139).
I have set an specific filter for this and I have enabled
logging.
Today, I have been looking at the logs and I see several
UDP packets (port 137) caught by the router which were
targeted at 70.255.224.194 host. I have been searching
WhoIs from NetworkSolutions and Arin but I have been unable
to identify the target. Of course, this is an unexpected
target of NetBIOS traffic from within our network.
I am a little new to intrussion detection, trojan horses
and security, so I would like some advice referring to this
issue.
Please, feel free to contact me here or, preferably, by e-
amil at the following address: falfaro () cofiber es.
Thank you very much,
Felipe Alfaro
Current thread:
- UDP port 137 packets sent to 70.255.224.194 Felipe Alfaro (Aug 29)
- Re: UDP port 137 packets sent to 70.255.224.194 Paul L Schmehl (Aug 30)
- Re: UDP port 137 packets sent to 70.255.224.194 (and to other hosts/nets as well) Pavel Lozhkin (Aug 30)
- Re: UDP port 137 packets sent to 70.255.224.194 (and to other hosts/nets as well) Daniel S. Riley (Aug 31)
- Re: UDP port 137 packets sent to 70.255.224.194 (and to other hosts/nets as well) Pavel Lozhkin (Aug 31)
- Re: UDP port 137 packets sent to 70.255.224.194 (and to other hosts/nets as well) Daniel S. Riley (Aug 31)
- Re: UDP port 137 packets sent to 70.255.224.194 Jens Hektor (Aug 30)