Security Incidents mailing list archives

udp traffic to port 137


From: tobi () UNDERSCORE DE (tobias wigand)
Date: Fri, 19 May 2000 11:16:59 +0200


hello all!

our firewall rejects this kind of traffic daily along with some normal netbios traffic from port 137 to port 137.
i first thought of a misconfiguration of the firewall as all netbios ports should be filtered. but my packet sniffer 
showed up that no packets are leaving our lan.
does anyone know under which circumstances some machine would produce such traffic? 
are these portscans or just normal netbios connection attempts?

fw kernel: Packet log: input REJECT eth0 PROTO=17 209.176.2.71:21 xxx.xxx.xxx.xxx:137 L=78 S=0x00 I=57649 F=0x0000 T=106 (#104)
fw kernel: Packet log: input REJECT eth0 PROTO=17 209.176.2.71:21 xxx.xxx.xxx.xxx:137 L=78 S=0x00 I=10546 F=0x0000 T=106 (#104)
fw kernel: Packet log: input REJECT eth0 PROTO=17 209.176.2.71:21 xxx.xxx.xxx.xxx:137 L=78 S=0x00 I=18482 F=0x0000 T=106 (#104)
fw kernel: Packet log: input REJECT eth0 PROTO=17 208.178.128.145:16458 xxx.xxx.xxx.xxx:137 L=78 S=0x00 I=19955 F=0x0000 T=107 (#104)
fw kernel: Packet log: input REJECT eth0 PROTO=17 208.178.128.145:16458 xxx.xxx.xxx.xxx:137 L=78 S=0x00 I=23539 F=0x0000 T=106 (#104)
fw kernel: Packet log: input REJECT eth0 PROTO=17 208.178.128.145:16458 xxx.xxx.xxx.xxx:137 L=78 S=0x00 I=26355 F=0x0000 T=106 (#104)
fw kernel: Packet log: input REJECT eth0 PROTO=17 128.177.244.100:463 xxx.xxx.xxx.xxx:137 L=78 S=0x00 I=4611 F=0x0000 T=108 (#104)
fw kernel: Packet log: input REJECT eth0 PROTO=17 128.177.244.100:463 xxx.xxx.xxx.xxx:137 L=78 S=0x00 I=13317 F=0x0000 T=108 (#104)
fw kernel: Packet log: input REJECT eth0 PROTO=17 128.177.244.100:463 xxx.xxx.xxx.xxx:137 L=78 S=0x00 I=29703 F=0x0000 T=108 (#104)
fw kernel: Packet log: input REJECT eth0 PROTO=17 128.177.244.100:221 xxx.xxx.xxx.xxx:137 L=78 S=0x00 I=1273 F=0x0000 T=108 (#104)
fw kernel: Packet log: input REJECT eth0 PROTO=17 128.177.244.100:221 xxx.xxx.xxx.xxx:137 L=78 S=0x00 I=25851 F=0x0000 T=108 (#104)
fw kernel: Packet log: input REJECT eth0 PROTO=17 128.177.244.100:221 xxx.xxx.xxx.xxx:137 L=78 S=0x00 I=37373 F=0x0000 T=108 (#104)

thanks for your help
tobias
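
An added example, not part of the original post: a small Python parser for the ipchains-style "Packet log:" lines quoted above, grouping the rejected packets by source address and port so repeats, packet lengths and TTLs stand out. The field meanings in the comments and the common-initial-TTL hop estimate are assumptions added here.

```python
import re
from collections import defaultdict

# ipchains "Packet log:" layout: chain, action, interface, IP protocol number,
# src:port, dst:port, L=total length, S=TOS, I=IP ID, F=frag field, T=TTL, (#rule)
LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\w.]+):(?P<dport>\d+) L=(?P<length>\d+) S=0x(?P<tos>[0-9A-Fa-f]+) "
    r"I=(?P<ipid>\d+) F=0x(?P<frag>[0-9A-Fa-f]+) T=(?P<ttl>\d+) \(#(?P<rule>\d+)\)"
)
INT_FIELDS = ("proto", "sport", "dport", "length", "ipid", "ttl", "rule")

def parse_line(line):
    """Return a dict of fields for one log line, or None if it is not a packet log."""
    m = LINE_RE.search(" ".join(line.split()))  # collapse extra whitespace first
    if m is None:
        return None
    rec = m.groupdict()
    for key in INT_FIELDS:
        rec[key] = int(rec[key])
    return rec

def hops_estimate(ttl):
    """Heuristic: assume the sender started from a common initial TTL."""
    initial = next(t for t in (32, 64, 128, 255) if ttl <= t)
    return initial, initial - ttl

def summarise(lines):
    """Group packets by (src, sport, dport); collect count, lengths and TTLs."""
    flows = defaultdict(lambda: {"count": 0, "lengths": set(), "ttls": set()})
    for rec in filter(None, map(parse_line, lines)):
        flow = flows[(rec["src"], rec["sport"], rec["dport"])]
        flow["count"] += 1
        flow["lengths"].add(rec["length"])
        flow["ttls"].add(rec["ttl"])
    return dict(flows)

# Three of the log lines quoted in the post (destination is already masked there).
SAMPLE = """\
fw kernel: Packet log: input REJECT eth0 PROTO=17 209.176.2.71:21 xxx.xxx.xxx.xxx:137 L=78 S=0x00 I=57649 F=0x0000 T=106 (#104)
fw kernel: Packet log: input REJECT eth0 PROTO=17 209.176.2.71:21 xxx.xxx.xxx.xxx:137 L=78 S=0x00 I=10546 F=0x0000 T=106 (#104)
fw kernel: Packet log: input REJECT eth0 PROTO=17 128.177.244.100:463 xxx.xxx.xxx.xxx:137 L=78 S=0x00 I=4611 F=0x0000 T=108 (#104)
"""

if __name__ == "__main__":
    for (src, sport, dport), f in summarise(SAMPLE.splitlines()).items():
        print(src, sport, dport, f["count"], sorted(f["lengths"]), hops_estimate(max(f["ttls"])))
```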

