North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Port 139 scans
On Fri, 29 Sep 2000, John Fraizer wrote: > It might be a good idea to implement filtering on the borders for TCP SYN > from 0/0 to 0/0 port 7597. That way, at least it can't be used once it's > installed. > > I realize it is unrealistic to block 0/0 to 0/0 port 139 on the borders > without breaking tons of winblows customers. It sure would be nice > though. Especially considering the scope of things and how fast it's > spreading. We're also seeing a number of scans at a time. I wonder if anyone else is bothering to pass on reports to the originating netblock contacts. I don't know why we shouldn't block port 139. I blocked 137-139 for years when I was running our previous ISP and no complaints. As they say, let them use FTP! Good thought though, I'll have to add 7597 to our filters. Chuck Scott
|