Security Incidents mailing list archives
Dispostion of UPD/137 packets?
From: billp () ROCKETCASH COM (Bill Pennington)
Date: Tue, 15 Feb 2000 11:33:07 -0800
Ugghhh I get a bunch of UDP/137 packets flying at me firewall. I know this is "normal" is some (most?) cases. It seems that IIS and other NT based web services (stats packages and what not) will attempt to query a server with 3 UDP/137 packets in a short burst then go away. I guess I have to live with this. My real question is how can you determine if a UDP/137 is random cruft or a attempt to comprise your network? Sometimes what appears to be an straight forward mapping/info gathering/crack attempt could really be some user whose Win9x box has gone crazy. How do you guys/gals determine when a UDP/37 packet is worthy of a nasty gram and when it is not? -- Bill Pennington IT Manager Rocketcash billp () rocketcash com http://www.rocketcash.com
Current thread:
- ports ports and more ports Tyler (Feb 11)
- Re: ports ports and more ports David Getchell (Feb 15)
- Dispostion of UPD/137 packets? Bill Pennington (Feb 15)
- Re: ports ports and more ports Robert Lau (Feb 15)
- succesful crack Bob Lockie (Feb 15)
- Re: succesful crack Gene Harris (Feb 16)
- Re: succesful crack **read nine (Feb 17)
- Re: succesful crack R. Gupta (Feb 17)
- Re: succesful crack Gene Harris (Feb 16)
- Port Scanning (perhaps related to "A very strange port scan") Warren Belfer (Feb 15)
- MASSIVE ssh attack attempt Mark Shirley (Feb 15)
- Re: MASSIVE ssh attack attempt Omachonu Ogali (Feb 16)
- Re: MASSIVE ssh attack attempt Jose Nazario (Feb 17)
- Re: MASSIVE ssh attack attempt Brendan Grieve (Feb 17)
- Re: MASSIVE ssh attack attempt Omachonu Ogali (Feb 16)
(Thread continues...)