Security Incidents mailing list archives

Re: Odd UPD scan

From: peak () ARGO TROJA MFF CUNI CZ (Pavel Kankovsky)
Date: Tue, 21 Mar 2000 10:49:12 +0100


On Mon, 20 Mar 2000, Bill Pennington wrote:

...I mean IPX/SPX and Appletalk are generally very noisy but TCP/UDP
should be a bit more elegant IMHO.


This is not TCP/UDP but *NetBIOS* over TCP/UDP.

It would be intersting to find out how much bandwidth is getting chewed
up at sites like yahoo.com and amazon.com. I bet it is quite a lot.
Maybe ISP's should block this traffic outbound by default.

I think that would go a long way it combating this bandwitdh
hog/security risk.


I have to ask myself what would happen if I sent a bogus reply instead of
dropping the request on the floor. Could I make the client go down in
flames (or something worse)? (Q for VULN-DEV?) If yes, there would be a
strong incentive to get rid of this braindead feature. ;)

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."

Current thread:

Odd UPD scan David Meissner (Mar 15)
- Re: Odd UPD scan Bill Pennington (Mar 16)
  - Re: Odd UPD scan Graeme Fowler (Mar 20)
- Re: Odd UPD scan Grzegorz Janoszka (Mar 17)
- <Possible follow-ups>
- Re: Odd UPD scan Randy Mclean (Mar 17)
- Re: Odd UPD scan Rainer Weikusat (Mar 17)
- Re: Odd UPD scan Bill Pennington (Mar 20)
  - Re: Odd UPD scan Pavel Kankovsky (Mar 21)
  - NetBIOS info Robert Graham (Mar 21)
    - Re: NetBIOS info Bill Pennington (Mar 22)
    - Strange probe Stuart Staniford-Chen (Mar 24)
    - Re: NetBIOS info Robert Graham (Mar 27)
    - Syn scans to 4045 Joey McAlerney (Mar 27)