[1972] in linux-security and linux-alert archive


[linux-security] Re: What is someone looking for??

daemon@ATHENA.MIT.EDU (forcer)
Sun Jul 12 04:56:54 1998

Date: Sun, 12 Jul 1998 01:34:07 +0200
From: forcer <forcer@mindless.com>
To: linux-security@redhat.com
Mail-Followup-To: linux-security@redhat.com
In-Reply-To: <35A539BE.B30D9005@wmich.edu>; from Ryan Matteson on Thu, Jul 09, 1998 at 05:44:30PM -0400
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com

On Thu, Jul 09, 1998 at 05:44:30PM -0400, Ryan Matteson wrote:
>I am currently blocking out netbios UDP port 137 on my firewall and was
>wondering what the following means in terms of security:
>
>Jul  9 16:19:05 oscar kernel: IP fw-in rej eth0 UDP SOMEONES_IP:137
>MY_IP:137 L=78 S=0x00 I=46484 F=0x0000 T=111
>
>I have gotten a few 100 of these and was wondering if there are some
>vulnerabilities related to netbios out there?? What do the S/I/F/L fields
>stand for?? I assume T= TOS? Thanks for any info I would appreciate any
>info/URL's now. Is there a way to tell tcpdump to dump all netbios
>packets originating from outside my present class C to a file for future
>viewing?? Thanks again I appreciate the help

137/udp is netbios-ns.
The someone is probably checking for the Netbios-name of your machine.
Yes, there are some vulnerabilities known.
Samba was until recently remotely exploitable to gain root access, and
there's still the possibility of public shares.
Hope I could help,
	-forcer

-- 
/* If you understand what you're doing, you're not learning anything.     */
/* email: forcer@mindless.com      -><- www: http://webserver.de/forcer/  */
/* IRC: forcer@#StarWars (IRCnet)  -><- PGP/GPG: available on my website  */
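
Added example, not part of the original thread: a parser for the kernel firewall log line quoted in the question, which counts rejected netbios-ns (137/udp) packets per source outside the local network. It assumes the Linux 2.0-era ip_fw log layout (L = IP total length, S = TOS byte, I = IP ID, F = flags and fragment offset, T = TTL); the addresses, the 192.0.2.0/24 local network and the function names are constructed for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Layout assumed from the Linux 2.0-era ip_fw packet logger (not from the post).
LOG_RE = re.compile(
    r"IP fw-(?P<chain>\w+) (?P<action>\w+) (?P<iface>\S+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<L>\d+) S=0x(?P<S>[0-9A-Fa-f]+) I=(?P<I>\d+) "
    r"F=0x(?P<F>[0-9A-Fa-f]+) T=(?P<T>\d+)")

# Constructed sample lines (documentation address ranges, not real hosts).
SAMPLE = [
    "Jul  9 16:19:05 oscar kernel: IP fw-in rej eth0 UDP 203.0.113.7:137 192.0.2.10:137 L=78 S=0x00 I=46484 F=0x0000 T=111",
    "Jul  9 16:19:07 oscar kernel: IP fw-in rej eth0 UDP 203.0.113.7:137 192.0.2.10:137 L=78 S=0x00 I=46740 F=0x0000 T=111",
    "Jul  9 16:20:11 oscar kernel: IP fw-in rej eth0 UDP 192.0.2.55:137 192.0.2.10:137 L=78 S=0x00 I=310 F=0x0000 T=128",
    "Jul  9 16:21:40 oscar kernel: IP fw-in rej eth0 TCP 198.51.100.9:1042 192.0.2.10:139 L=44 S=0x00 I=1201 F=0x4000 T=52",
]

def parse_fw_line(line):
    """Return the decoded fields of one firewall log line, or None."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    frag = int(m["F"], 16)
    return {
        "action": m["action"], "iface": m["iface"], "proto": m["proto"],
        "src": ip_address(m["src"]), "sport": int(m["sport"]),
        "dst": ip_address(m["dst"]), "dport": int(m["dport"]),
        "total_length": int(m["L"]),           # L: IP total length in bytes
        "tos": int(m["S"], 16),                # S: type-of-service byte
        "ip_id": int(m["I"]),                  # I: IP identification
        "dont_fragment": bool(frag & 0x4000),  # F: flags + fragment offset
        "frag_offset": (frag & 0x1FFF) * 8,
        "ttl": int(m["T"]),                    # T: time to live
    }

def outside_netbios_ns(lines, local_net):
    """Count netbios-ns (137/udp) packets per source outside local_net."""
    net, hits = ip_network(local_net), Counter()
    for p in filter(None, map(parse_fw_line, lines)):
        if p["proto"] == "UDP" and p["dport"] == 137 and p["src"] not in net:
            hits[str(p["src"])] += 1
    return dict(hits)

if __name__ == "__main__":
    for src, n in outside_netbios_ns(SAMPLE, "192.0.2.0/24").items():
        print(f"{src}: {n} rejected netbios-ns packets")
```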
