Re: OT: port scan

[brian moore <bem@cmc.net>]

On Tue, Nov 28, 2000 at 05:38:12PM -0600, Richard Cobbe wrote:
> 
> Well, they can be.  Connections to TCP ports 137, 138, and 139 are part of
> Windows file- and printer-sharing.  I don't know all that much about how
> SMB works, but I'm fairly sure there are broadcasts to these ports
> involved, primarily in setting up the Network Neighborhood.

Yes, and here are even worms for Windows that go probing looking for
open SMB shares to write themselves into.

> So, if you happen to be on a network (like, say, a cable modem local loop)
> with some Windows PCs that have file/print sharing turned on, these may not
> represent a security problem.  (Well, for *you*, anyway.)

Or if you happen to be on a network 'near' (typically within a dozen
/24's or so) of someone with one of the above worms running....

-- 
CueCat decoder .signature by Larry Wall:
#!/usr/bin/perl -n
printf "Serial: %s Type: %s Code: %s\n", map { tr/a-zA-Z0-9+-/ -_/; $_ = unpack
'u', chr(32 + length()*3/4) . $_; s/\0+$//; $_ ^= "C" x length; } /\.([^.]+)/g;