Re: portscan destination port 137

["Eric Joe" <sysop () tje1 com>]

> Since udp 137 is a well-known M$ port this could be
> normal, but it's worth checking.  No one with a source
> IP that you don't know should be hitting that port
> anyway (to be frank, no one at all should be hitting
> that port).  So check the target for vulnerability
> (file and print sharing, shares, non-renamed
> administrator account....) and see if the source is an
> attacker.

It would be a very good idea to block this port all together (along with
135 and 139) at your border router, then it becomes a non issue and its
much safer for your users.


-- 
Eric Joe
Network Operations
Journey's End Internet/Computer Connection Inc




-------------------------------------------------------
This sf.net email is sponsored by: To learn the basics of securing 
your web site with SSL, click here to get a FREE TRIAL of a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users