Re: Hmm

To: Thomas Salling <tl@ziz.dk>
Cc: debian-firewall@lists.debian.org
Subject: Re: Hmm
From: Daniel Stone <daniel@sfarc.net>
Date: Sat, 30 Jun 2001 11:50:42 +1000
Message-id: <20010630115042.A14755@sfarc.net>
Mail-followup-to: Thomas Salling <tl@ziz.dk>, debian-firewall@lists.debian.org
In-reply-to: <000c01c10152$2367b630$1000000a@monica>
References: <000c01c10152$2367b630$1000000a@monica>

On Sat, Jun 30, 2001 at 03:47:59AM -0700, Thomas Salling wrote:
> I get quite at lot of these entries from various IP's.
> 
> "Jun 30 03:18:38 debbie kernel: Packet log: input DENY eth0 PROTO=17 217.82.6.221:1415 10.0.0.200:137 L=78 S=0x00 I=62563 F=0x0000 T=118 (#5)"
> 
> The only access to port 137 is from my local network, so the kernal deny's all access (as it should), but i'm wondering. Is this an attack? If this really is an attach, how come I get "probed" up to 6 times a day? Are there really THAT many scriptkiddies, attackers, hackere or whatever ? 

If you have Windows machines on your network, and the IPs you have are of
Windows machines, then it is indeed Windows machines just probing you, as
they do. SMB is an extremely noisy protocol.

:) d

-- 
Daniel Stone						     <daniel@sfarc.net>
<Nuke> "can NE1 help me aim nuclear weaponz????? /MSG ME!!"

Reply to:

References:
- Hmm
  - From: "Thomas Salling" <tl@ziz.dk>

Prev by Date: Hmm
Next by Date: Re: Hmm
Previous by thread: Hmm
Next by thread: Re: Hmm
Index(es):
- Date
- Thread