Annoying Port 135 Connection Attempts

To: debian-user@lists.debian.org
Subject: Annoying Port 135 Connection Attempts
From: Mark Hammer <markhammer@mfire.com>
Date: Sun, 31 Aug 2003 18:22:52 -0400
Message-id: <[🔎] E19taaz-0000H8-00@debian>

I am getting many connection attempts to my port 135 from outside.  
They appear to be coming from other dialin connections to my ISP.  
This is the port that micro$loth left open to attack, which the 
MSblaster worm has been using.

I know that my linux box isn't vulnerable, and that I've got 
nothing listening to the port.  But each of these connection 
attempts is triggering my diald to stay connected, so it is major 
annoying.

Is there an obvious way to stop these attempts?  Or is there a way 
to modify my /etc/diald/diald.defaults filters?  Here is what I 
have done, which is admittedly simplistic:

# I commented out the standard.filter include statement above,
# since it was setting timeouts of 30 seconds for DNS lookups
# (udp.domain), and 120 seconds for HTTP (tcp.www).  This is too
# short for web browsing, so I blanket changed everything to:
# For any UDP, give 5 more minutes up time.  For TCP, 20 minutes.
accept udp 300 any
accept tcp 1200 any

Thanks,
David

Reply to:

Follow-Ups:
- Re: Annoying Port 135 Connection Attempts
  - From: Rick Pasotto <rick@niof.net>

Prev by Date: Re: Howto get one (1) file from an rpm ???
Next by Date: Re: Annoying Port 135 Connection Attempts
Previous by thread: Suspicious Diald Attempts to nsmialogin.passport.com:443 Etc
Next by thread: Re: Annoying Port 135 Connection Attempts
Index(es):
- Date
- Thread