[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] UDP Scans
- Subject: RE: [cobalt-security] UDP Scans
- From: Carrie Bartkowiak <ravencarrie@xxxxxxxx>
- Date: Fri, 6 Jul 2001 11:32:28 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Fri, 6 Jul 2001 14:34:40 +0100, Simon Wilson wrote:
>>This is a small snip of the log. Does this help with the analysis?
>>The ***.**.** are the same address as my box. All the scans are UDP
>>port 137
>>or 138.
I'm willing to bet that you're using 4Webspace.
When I was with them, I got the same crap. Emailed them about it and
they admitted that they were using Windoze boxes, but that I should
configure my box to ignore those packets. I suppose they didn't know
how to stop their boxes from spilling packets all over the network.
Ports 137 and 138 aren't in use by anything on your RaQ (one of the
reasons PortSentry can bind to them) - quit worrying about this. Just
take those port numbers out of the TCP and UDP lines in your
portsentry.conf file.
--
Carrie Bartkowiak, ravencarrie@xxxxxxxx on 07/06/2001