North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: UDP port 137 Question

  • From: Eric Germann
  • Date: Tue Jan 06 14:17:51 1998 
The other less paranoid scenario is they were renumbered and didn't update
some server mappings in WINS or LMHOSTS and you were lucky enough to get
their old space.

Eric


At 10:52 AM 1/6/98 -0800, Dalvenjah FoxFire wrote:
>C. Jon Larsen put this into my mailbox:
>> 
>> Is there any *valid* reason to see UDP traffic directed at a unix box's
>> port 137 coming from IP sources across the internet ? The unix servers in
>> question are most definitely *not* running samba, and there is absolutely
>> no NT anywhere on this customer's network (that is seeing the incoming UDP
>> traffic directed at an IP destination address on port 137). (A couple
>> of 95 boxes scattered across an Ethernet comprise the Micro$oft part of
>> the network). None of the 95 boxen are running any file or print serving
>> (sharing) resources.
>> 
>> I can't think of any valid reason to see this traffic, personally. Anybody
>> out there that can present a scenario where I would expect to see these
>> UDP packets coming back in ?
>
>No. Doubtless some idiot thinks everybody runs WinDoze and is trying to
>winnuke you, especially if several boxes get hit one after the other.
>E-mail the contacts of the source address and ask that the account
>be removed; chances are the person wasn't clueful enough to spoof the
>source address.
>
>-dalvenjah
>
>-- 
> Dalvenjah FoxFire (aka Sven Nielsen) "Hath not a dude eyes? If you prick us,
> Founder, the DALnet IRC Network       do we not get bummed? If we eat bad
>                                       guacamole, do we not blow chunks?"
> e-mail: [email protected]              - Keanu Reeves as Shylock in The
Critic
> whois: SN90			     WWW: http://www.dal.net/~dalvenjah/  
> 


============================================================================
====
Eric Germann				Computer and Communications Technologies
[email protected]			Van Wert, OH 45891
					Phone:	419 968 2640
http://www.cctec.com			Fax:	419 968 2641

Network Design, Connectivity & System Integration Services 
A Microsoft Solution Provider