Security Incidents mailing list archives
Re: Weird UDP packets
From: peak () ARGO TROJA MFF CUNI CZ (Pavel Kankovsky)
Date: Wed, 8 Mar 2000 10:04:35 +0100
On Mon, 6 Mar 2000, Damian Gerow wrote:
> I've been watching my firewall logs, and in the past week something has cropped up. The firewall (all packets _do_ have a destination of the firewall) is a filtering, forwarding firewall protecting both Linux and NT servers. It does not run Samba, only SSH. The weird part of it is that packets are coming from port 137 and going to port 137, and always three packets from a different source each time. Can anyone help me with this one?
I have been observing a similar thing and found a correlation between instances of this netbios-ns junk and http accesses. All from MS Internet Exploder 4 or 5 on various Windoze flavours.

Do not ascribe to...

--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
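The correlation described in the reply above can be checked against one's own logs. The following is an added example, not part of the original post: it matches the sources of UDP 137-to-137 packets against HTTP clients seen within a time window and reports their User-Agent strings. Both log formats, all addresses and the 60-second window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample data; both log formats are assumptions for this example.
FIREWALL_LOG = """\
2000-03-06T10:15:02 DROP UDP 198.51.100.23:137 -> 192.0.2.1:137
2000-03-06T10:15:04 DROP UDP 198.51.100.23:137 -> 192.0.2.1:137
2000-03-06T10:15:07 DROP UDP 198.51.100.23:137 -> 192.0.2.1:137
2000-03-06T11:40:30 DROP UDP 203.0.113.77:137 -> 192.0.2.1:137
2000-03-06T12:05:00 DROP UDP 198.51.100.99:53 -> 192.0.2.1:137
"""
HTTP_LOG = """\
2000-03-06T10:14:58 198.51.100.23 "GET / HTTP/1.0" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)"
2000-03-06T10:20:00 198.51.100.50 "GET / HTTP/1.0" "Lynx/2.8.2"
"""

FW_RE = re.compile(r"^(\S+) \S+ UDP ([\d.]+):(\d+) -> [\d.]+:(\d+)$")
HTTP_RE = re.compile(r'^(\S+) ([\d.]+) "[^"]*" "([^"]*)"$')

def parse_nbns(text):
    """Return (time, source IP) for packets with source and destination port 137."""
    found = (FW_RE.match(l) for l in text.splitlines())
    return [(datetime.fromisoformat(m[1]), m[2]) for m in found
            if m and m[3] == m[4] == "137"]

def parse_http(text):
    """Return (time, client IP, User-Agent) per request line."""
    found = (HTTP_RE.match(l) for l in text.splitlines())
    return [(datetime.fromisoformat(m[1]), m[2], m[3]) for m in found if m]

def correlate(fw_text, http_text, window=timedelta(seconds=60)):
    """Map each port-137 source to its packet count and nearby HTTP User-Agents."""
    reqs = parse_http(http_text)
    result = {}
    for when, src in parse_nbns(fw_text):
        entry = result.setdefault(src, {"packets": 0, "agents": set()})
        entry["packets"] += 1
        for t, ip, agent in reqs:
            if ip == src and abs(t - when) <= window:
                entry["agents"].add(agent)
    return result

if __name__ == "__main__":
    for src, info in sorted(correlate(FIREWALL_LOG, HTTP_LOG).items()):
        label = ", ".join(sorted(info["agents"])) or "no HTTP request in window"
        print(f"{src}: {info['packets']} packets; {label}")
```

Sources that show no HTTP request inside the window are the ones this correlation does not account for.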