This is a multi-part message in MIME format. ------=_NextPart_000_0060_01BF7888.E9D21D50 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi folks, I discovered a strange thing on a Firewall (IPCHAINS-based, RedHat 6.0, = Kernel 2.2.12-20). There are lots of connect-attempts to this machine to = Port 137 (NetBIOS-NameService). These attempts are blocked but = nethertheless I'm wondering, since the source of these packets are = addresses throughout Europe and they doesn't seem to be broadcasts = (destination address is exactly that machine).=20 We have some other Firewalls set up just the same on the same network = and they don't get these packets... Is this something to be worried about? ------=_NextPart_000_0060_01BF7888.E9D21D50 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META content=3D"text/html; charset=3Diso-8859-1" = http-equiv=3DContent-Type> <META content=3D"MSHTML 5.00.2314.1000" name=3DGENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=3D#ffffff> <DIV><FONT size=3D2>Hi folks,</FONT></DIV> <DIV><FONT size=3D2>I discovered a strange thing on a Firewall = (IPCHAINS-based,=20 RedHat 6.0, Kernel 2.2.12-20). There are lots of connect-attempts to = this=20 machine to Port 137 (NetBIOS-NameService). These attempts are blocked = but=20 nethertheless I'm wondering, since the source of these packets are = addresses=20 throughout Europe and they doesn't seem to be broadcasts (destination = address is=20 exactly that machine). </FONT></DIV> <DIV><FONT size=3D2>We have some other Firewalls set up just the same on = the same=20 network and they don't get these packets...</FONT></DIV> <DIV> </DIV> <DIV><FONT size=3D2>Is this something to be worried=20 about?</FONT></DIV></BODY></HTML> ------=_NextPart_000_0060_01BF7888.E9D21D50--
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:04:01 PDT