Security Basics mailing list archives
Re: Anonymous LogOff and UDP Out Connections
From: "GSimmonds" <gsimmonds () primus ca>
Date: Tue, 9 Sep 2003 20:12:55 -0400
----- Original Message ----- From: "Mark Sargent" <powderkeg () snow email ne jp> To: "Security-Basics@Securityfocus. Com" <security-basics () securityfocus com> Sent: Tuesday, September 09, 2003 1:14 AM Subject: Anonymous LogOff and UDP Out Connections
Hi All, When activating the LAN, I notice numerous UDP packet attempts to a number of different IPs, on the Host machine. All attempts are from the localhost on port 137 to owner;stystem on 137. What are thse attempts.
It looks like NetBIOS name resolution. From your previous post, I'm assuming that your Host is multihomed. There's an article you may be interested in about unbinding NetBIOS from your external NIC. http://www.practicallynetworked.com/sharing/securnet.htm
Also, I'm seeing numerous LogOff alerts in Security Event Viewer.
I have no experience in this matter but these might help... www.eventid.net http://www.eventlogscan.com/
I'm also getting a lot of attempts from the Client, 192.168.0.2 to connect to port localhost on port 53, UDP(there is no owner). What is all of
this..?
I'm stealthed according to the security checks here on this site and grc.com. Any help appreciated. Cheers. OS = Win2kPro(both Host(192.168.0.1) and Client(192.168.0.2)) Firewall = Kerio Connection = ISDN
Were you able to sort out your Client accessing web sites? It looks like your Client is attempting DNS lookups. You might also see Dest. Unreachables since it isn't getting a response. Now my experience with ICS is theoretical, but I plan on setting one up soon and I use Kerio. A few things you could check... Have you configured the MS Networking tab in Administration? Does IE on the client know where the gateway is? Have you written a rule to allow TCP and UDP traffic to and from your client? Let me know how it goes. Regards Gary --------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ----------------------------------------------------------------------------
Current thread:
- Anonymous LogOff and UDP Out Connections Mark Sargent (Sep 09)
- RE: Anonymous LogOff and UDP Out Connections Joey Peloquin (Sep 09)
- RE: Anonymous LogOff and UDP Out Connections Mark Sargent (Sep 09)
- Re: Anonymous LogOff and UDP Out Connections GSimmonds (Sep 10)
- RE: Anonymous LogOff and UDP Out Connections Joey Peloquin (Sep 09)