Some people want to talk to my port 137
From: BB


Date: 23-02-03 18:18

Why are they all trying to get in contact with my port 137 (netbios-ns)?
Should I just turn the reporter off and not care?

Sun Feb 23 15:08:10 2003 - policy rule - tcp
[wan,163.23.75.129,80.62.50.146:1524] - [discard]
Sun Feb 23 15:08:40 2003 - policy rule - udp
[wan,217.39.16.84,80.62.50.146:137] - [discard]


Regards,
BB
København


*Remove NOSPAM in my mail address for personal mail.*
Norton AntiVirus is sending my email.



 
 
Michael U. Hove (23-02-2003)
Comment
From: Michael U. Hove


Date: 23-02-03 19:25

BB wrote:
> Why are they all trying to get in contact with my port 137 (netbios-ns)?
> Should I just turn the reporter off and not care?
>
> Sun Feb 23 15:08:10 2003 - policy rule - tcp
> [wan,163.23.75.129,80.62.50.146:1524] - [discard]
> Sun Feb 23 15:08:40 2003 - policy rule - udp
> [wan,217.39.16.84,80.62.50.146:137] - [discard]

[snip]

Could be an IIS server infected with Nimda, or someone scanning you
with a Legion NetBIOS scanner. The Windows ports 137-139 are some of the
most "attacked" on the net overall, cf.:

http://isc.incidents.org/

Port scans are not dangerous in themselves; your firewall is dropping the
packets as it should... the dangerous ones are those it doesn't see...

Ideally you could also check your Windows file share, if you have one, kill
the TCP/IP binding, and use IPX/SPX or NetBEUI instead. Then you are no
longer interesting for port 137 "attacks".

Regards,

Michael.


Michael U. Hove (23-02-2003)
Comment
From: Michael U. Hove


Date: 23-02-03 19:44

Michael U. Hove wrote:
> BB wrote:
>
>> Why are they all trying to get in contact with my port 137 (netbios-ns)?
>> Should I just turn the reporter off and not care?
>>
>> Sun Feb 23 15:08:10 2003 - policy rule - tcp
>> [wan,163.23.75.129,80.62.50.146:1524] -
>> [discard]
>> Sun Feb 23 15:08:40 2003 - policy rule - udp
>> [wan,217.39.16.84,80.62.50.146:137] -
>> [discard]
>
>
> [snip]
>
> Could be an IIS server infected with Nimda, or someone scanning you
> with a Legion NetBIOS scanner. The Windows ports 137-139 are some of the
> most "attacked" on the net overall, cf.:
>
> http://isc.incidents.org/
>
> Port scans are not dangerous in themselves; your firewall is dropping the
> packets as it should... the dangerous ones are those it doesn't see...
>
> Ideally you could also check your Windows file share, if you have one, kill
> the TCP/IP binding, and use IPX/SPX or NetBEUI instead. Then you are no
> longer interesting for port 137 "attacks".
>
> Regards,
>
> Michael.
>

The TCP connect attempt on port 1524, on the other hand, looks a bit more fun.
Most likely an infected host scanning for other trojans.
Port 1524 is usually Trinoo or Wintrinoo, which can be used in DDoS
(Distributed Denial-of-Service) attacks:

More reading here:

http://www.sans.org/resources/idfaq/trinoo.php

Regards,

Michael
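
Added example, not part of the thread: a small Python triage of a log in the firewall format BB posted, separating many sources hitting one port (as with port 137 here) from a single source probing several ports, and listing any entry whose action is not `discard`. The sample is constructed: only its first two entries come from the thread, and `triage`, `sweep_ports`, the documentation-range addresses and the remaining timestamps are assumptions made for illustration.

```python
import re
from collections import defaultdict

ENTRY = re.compile(  # timestamp/protocol line, then [iface,src,dst:port] - [action]
    r"(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) - policy rule - (tcp|udp)\s+"
    r"\[(\w+),([\d.]+),([\d.]+):(\d+)\]\s+-\s+\[(\w+)\]"
)

# Constructed sample: first two entries are from the thread, the rest are made up
# (documentation addresses); the last one is quoted and line-wrapped like a reply.
SAMPLE_LOG = """\
Sun Feb 23 15:08:10 2003 - policy rule - tcp
[wan,163.23.75.129,80.62.50.146:1524] - [discard]
Sun Feb 23 15:08:40 2003 - policy rule - udp
[wan,217.39.16.84,80.62.50.146:137] - [discard]
Sun Feb 23 15:14:00 2003 - policy rule - udp
[wan,192.0.2.10,80.62.50.146:137] - [discard]
Sun Feb 23 15:20:00 2003 - policy rule - udp
[wan,203.0.113.5,80.62.50.146:137] - [discard]
Sun Feb 23 15:20:01 2003 - policy rule - udp
[wan,203.0.113.5,80.62.50.146:138] - [discard]
Sun Feb 23 15:20:02 2003 - policy rule - tcp
[wan,203.0.113.5,80.62.50.146:139] - [discard]
>> Sun Feb 23 15:31:00 2003 - policy rule - udp
>> [wan,192.0.2.10,80.62.50.146:137] -
>> [discard]
"""

def triage(text, sweep_ports=3):
    """Group hits per (protocol, port); list multi-port sources and non-drops."""
    text = re.sub(r"^[> ]+", "", text, flags=re.M)  # strip reply quote markers
    services = defaultdict(lambda: {"hits": 0, "sources": set()})
    ports_by_source = defaultdict(set)
    not_dropped = []
    for ts, proto, _iface, src, _dst, port, action in ENTRY.findall(text):
        key = (proto, int(port))
        services[key]["hits"] += 1
        services[key]["sources"].add(src)
        ports_by_source[src].add(key)
        if action != "discard":  # anything the policy did not drop needs a look
            not_dropped.append((ts, src, key, action))
    sweepers = sorted(s for s, p in ports_by_source.items() if len(p) >= sweep_ports)
    return services, sweepers, not_dropped

if __name__ == "__main__":
    services, sweepers, not_dropped = triage(SAMPLE_LOG)
    for (proto, port), s in sorted(services.items(), key=lambda kv: -kv[1]["hits"]):
        print(f"{proto}/{port}: {s['hits']} hits from {len(s['sources'])} sources")
    print("multi-port sources:", sweepers, "| not discarded:", not_dropped)
```

Many distinct sources each touching one port once is the background-noise pattern; a single address walking several ports, or any entry that was not discarded, is what deserves a closer look.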

