Home page logo

nanog logo nanog mailing list archives

Re: UDP port 137 Question
From: Melody Yoon <melodyy () best com>
Date: Tue, 6 Jan 1998 11:10:45 -0800 (PST)

On Tue, 6 Jan 1998, C. Jon Larsen wrote:

Is there any *valid* reason to see UDP traffic directed at a unix box's
port 137 coming from IP sources across the internet ? The unix servers in
question are most definitely *not* running samba, and there is absolutely
no NT anywhere on this customer's network (that is seeing the incoming UDP
traffic directed at an IP destination address on port 137). (A couple
of 95 boxes scattered across an Ethernet comprise the Micro$oft part of
the network). None of the 95 boxen are running any file or print serving
(sharing) resources.
[stuff cut]

Hi Jon. If memory serves, Netbios nameservices are generally only on the
same segment unless you have an NT/Samba server somewhere... As it is, it
should *NOT* be directed at your Unix boxes and definately not coming
across the Internet. My guess is that someone may be attempting a bad OOB
data attack on port 137 thinking that your Unix box is some type of PC.


Melody Lynn Yoon      melodyy () best com              | Graduate - '97 MSF
Senior SA - Taos Mountain Software, Santa Clara, CA | NRA Member
-- I do not accept commercial, unsolicited email
-- http://www.best.com/~melodyy/spam.policy.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]