On Sat, Jun 30, 2001 at 03:47:59AM -0700, Thomas Salling wrote:
> I get quite at lot of these entries from various IP's.
> "Jun 30 03:18:38 debbie kernel: Packet log: input DENY eth0 PROTO=17 220.127.116.11:1415 10.0.0.200:137 L=78 S=0x00 I=62563 F=0x0000 T=118 (#5)"
> The only access to port 137 is from my local network, so the kernal deny's all access (as it should), but i'm wondering. Is this an attack? If this really is an attach, how come I get "probed" up to 6 times a day? Are there really THAT many scriptkiddies, attackers, hackere or whatever ?
If you have Windows machines on your network, and the IPs you have are of
Windows machines, then it is indeed Windows machines just probing you, as
they do. SMB is an extremely noisy protocol.
Daniel Stone <firstname.lastname@example.org>
<Nuke> "can NE1 help me aim nuclear weaponz????? /MSG ME!!"
- From: "Thomas Salling" <email@example.com>