Security Incidents mailing list archives
RE: Scanning from a "intruder.rs88.net"?
From: Simos Xenitellis <simos () pc96 ma rhbnc ac uk>
Date: Sun, 27 May 2001 23:38:53 +0100 (BST)
On Sun, 27 May 2001, Jason Lewis wrote:
What is running on the machine these logs came from? Web, DNS, FTP? Microsoft boxes attempt to connect via NetBIOS or do WINS lookups on servers they are trying to use services on. A windows box will try to connect on port 137 if it is trying to access your web server. I dump all that traffic at my border router.
It is not a WWW server. It appears to have ports 22 and 80 firewalled. simos
Current thread:
- Scanning from a "intruder.rs88.net"? Simos Xenitellis (May 26)
- RE: Scanning from a "intruder.rs88.net"? Jason Lewis (May 27)
- RE: Scanning from a "intruder.rs88.net"? Simos Xenitellis (May 28)
- RE: Scanning from a "intruder.rs88.net"? James Friesen (May 28)
- Re: Scanning from a "intruder.rs88.net"? Jonathan Bloomquist (May 28)
- RE: Scanning from a "intruder.rs88.net"? Jason Lewis (May 28)
- RE: Scanning from a "intruder.rs88.net"? Simos Xenitellis (May 28)
- RE: Scanning from a "intruder.rs88.net"? Jason Lewis (May 27)