[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-security] UDP Scans

Subject: RE: [cobalt-security] UDP Scans
From: Carrie Bartkowiak <ravencarrie@xxxxxxxx>
Date: Fri, 6 Jul 2001 11:32:28 -0400
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

On Fri, 6 Jul 2001 14:34:40 +0100, Simon Wilson wrote:
>>This is a small snip of the log. Does this help with the analysis?
>>The ***.**.** are the same address as my box. All the scans are UDP
>>port 137
>>or 138.

I'm willing to bet that you're using 4Webspace.
When I was with them, I got the same crap. Emailed them about it and 
they admitted that they were using Windoze boxes, but that I should 
configure my box to ignore those packets. I suppose they didn't know 
how to stop their boxes from spilling packets all over the network.

Ports 137 and 138 aren't in use by anything on your RaQ (one of the 
reasons PortSentry can bind to them) - quit worrying about this. Just 
take those port numbers out of the TCP and UDP lines in your 
portsentry.conf file.

-- 
Carrie Bartkowiak, ravencarrie@xxxxxxxx on 07/06/2001

References:
- RE: [cobalt-security] UDP Scans
  - From: Simon Wilson
- Re: [cobalt-security] UDP Scans
  - From: shimi

Prev by Date: Re: [cobalt-security] Cobalt Cube Webmail directory traversal (fwd)
Next by Date: Re: [cobalt-security] Cobalt Cube Webmail directory traversal (fwd)
Previous by thread: RE: [cobalt-security] UDP Scans
Next by thread: Re: [cobalt-security] UDP Scans

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index