[1964] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] What is someone looking for??

daemon@ATHENA.MIT.EDU (Ryan Matteson)
Sat Jul 11 19:01:45 1998

Date: Thu, 09 Jul 1998 17:44:30 -0400
From: Ryan Matteson <x96matteson@wmich.edu>
To: linux-security@redhat.com
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com

I am currently blocking out netbios UDP port 137 on my firewall and was
wondering what the following means in terms of security:

Jul  9 16:19:05 oscar kernel: IP fw-in rej eth0 UDP SOMEONES_IP:137
MY_IP:137 L=78 S=0x00 I=46484 F=0x0000 T=111

I have gottena  few 100 of these and was wondering if there are some
vulnerabilties related to netbios out there?? What do the S/I/F/L fields
stand for?? I assume T= TOS? Thanks for any info I would appreciate any
info/URL's now. Is there a way to tell tcpdump to dump all netbios
packets originating from outside my present class C to a file for future
viewing?? Thanks again I apprecaite the help

Ryan

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe:
  mail -s unsubscribe linux-security-request@redhat.com < /dev/null


home help back first fref pref prev next nref lref last post