Snort mailing list archives
DNS TO 137
From: Togan Muftuoglu <toganm () users sourceforge net>
Date: Fri, 18 May 2001 17:25:03 +0300
Hi As you can see clearly below thre is a traffic from port 53 to 137 (netbios) now those two ips are the nameservers for my isp that I have an ADSL Connection which I use roaring penquin. I have my resolve.conf nameserver 127.0.0.1 search my.domain and there is no forwarding in the named.conf I do want to believe that this is indeed bad traffic but with five second intervals from two named servers to my pc on port 137 is questioning for me. TIA -- Togan Muftuoglu =-=-=-=-=-=-=-=-=-= May 18 16:10:03 gardiyan snort: MISC source port 53 to <1024 [Classification: Potentially Bad Traffic Priority: 2]: 212.156.4.4:53 -> 212.156.196.133:137 May 18 16:10:08 gardiyan snort: MISC source port 53 to <1024 [Classification: Potentially Bad Traffic Priority: 2]: 212.156.4.20:53 -> 212.156.196.133:137 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- DNS TO 137 Togan Muftuoglu (May 18)