UDP port 137 Question
Henry Linneweh
linneweh at concentric.net
Wed Jan 7 07:15:21 UTC 1998
port 139 is the OOB bug known as winnuke attack and can be patched, variations
come through other ports as directed by Linux boxes at win95 users or MS users
Henry R. Linneweh
C. Jon Larsen wrote:
> Is there any *valid* reason to see UDP traffic directed at a unix box's
> port 137 coming from IP sources across the internet ? The unix servers in
> question are most definitely *not* running samba, and there is absolutely
> no NT anywhere on this customer's network (that is seeing the incoming UDP
> traffic directed at an IP destination address on port 137). (A couple
> of 95 boxes scattered across an Ethernet comprise the Micro$oft part of
> the network). None of the 95 boxen are running any file or print serving
> (sharing) resources.
>
> I can't think of any valid reason to see this traffic, personally. Anybody
> out there that can present a scenario where I would expect to see these
> UDP packets coming back in ?
>
> netbios-ns 137/tcp nbns
> netbios-ns 137/udp nbns
> netbios-dgm 138/tcp nbdgm
> netbios-dgm 138/udp nbdgm
> netbios-ssn 139/tcp nbssn
>
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> C. Jon Larsen Email: jlarsen at ford.ajtech.com
> Systems Engineer Voice: +1.804.353.2800 x118
> A&J Technologies http://www.ajtech.com
>
> PGP Key fingerprint: 8A 62 4C 6E 1E 3C CD 63 B3 16 1A 1B D2 61 EE 97
> PGP Public key available at: http://ford.ajtech.com/CJL.txt
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
--
¢4i1å
More information about the NANOG
mailing list