North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: UDP port 137 Question
Eric, Good point that nobody else mentioned. Since the network number is freshly allocated, I believe (not recycled), I'm pretty sure that this is not the case *this* time. Anyway, I'm filing away all of the interesting responses. The port 137/UDP traffic may indeed be harmless. Some other packets I'm now seeing (port 139/TCP, 1-2 packets, from different source IPs) seem to indicate this may be more than Micro$oft misconfiguration . . . On Tue, 6 Jan 1998, Eric Germann wrote: > The other less paranoid scenario is they were renumbered and didn't update > some server mappings in WINS or LMHOSTS and you were lucky enough to get > their old space. > > Eric > > > At 10:52 AM 1/6/98 -0800, Dalvenjah FoxFire wrote: > >C. Jon Larsen put this into my mailbox: > >> > >> Is there any *valid* reason to see UDP traffic directed at a unix box's > >> port 137 coming from IP sources across the internet ? The unix servers in > >> question are most definitely *not* running samba, and there is absolutely > >> no NT anywhere on this customer's network (that is seeing the incoming UDP > >> traffic directed at an IP destination address on port 137). (A couple > >> of 95 boxes scattered across an Ethernet comprise the Micro$oft part of > >> the network). None of the 95 boxen are running any file or print serving > >> (sharing) resources. > >> > >> I can't think of any valid reason to see this traffic, personally. Anybody > >> out there that can present a scenario where I would expect to see these > >> UDP packets coming back in ? > > > >No. Doubtless some idiot thinks everybody runs WinDoze and is trying to > >winnuke you, especially if several boxes get hit one after the other. > >E-mail the contacts of the source address and ask that the account > >be removed; chances are the person wasn't clueful enough to spoof the > >source address. > > > >-dalvenjah > > > >-- > > Dalvenjah FoxFire (aka Sven Nielsen) "Hath not a dude eyes? If you prick us, > > Founder, the DALnet IRC Network do we not get bummed? If we eat bad > > guacamole, do we not blow chunks?" > > e-mail: [email protected] - Keanu Reeves as Shylock in The > Critic > > whois: SN90 WWW: http://www.dal.net/~dalvenjah/ > > > > > ============================================================================ > ==== > Eric Germann Computer and Communications Technologies > [email protected] Van Wert, OH 45891 > Phone: 419 968 2640 > http://www.cctec.com Fax: 419 968 2641 > > Network Design, Connectivity & System Integration Services > A Microsoft Solution Provider >
|