RE: [fw-wiz] RE: Help w/ Port 137 Traffic

• Previous message: Paul D. Robertson: "Re: [fw-wiz] Variations of firewall ruleset bypass via FTP"
• In reply to: Luca Berra: "Re: [fw-wiz] RE: Help w/ Port 137 Traffic"
• Next in thread: Mikael Olsson: "Re: [fw-wiz] RE: Help w/ Port 137 Traffic"
• Next in thread: R. DuFresne: "Re: [fw-wiz] RE: Help w/ Port 137 Traffic"
• Reply: Mikael Olsson: "Re: [fw-wiz] RE: Help w/ Port 137 Traffic"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The netbios Name query/response packets are in the same format as DNS query/response packets, just on port 137 instead of 53 so you could use DNS tools connected to port 137 instead of SAMBA. This doesn't help with port 139 traffic although Ethereal has a good netbios dissector.

-----Original Message-----
From: firewall-wizards-adminat_private
[mailto:firewall-wizards-adminat_private]On Behalf Of Luca
Berra
Sent: Mon October 14 2002 02:50
To: firewall-wizardsat_private
Subject: Re: [fw-wiz] RE: Help w/ Port 137 Traffic

<snip>

as a last note i am also getting many probes on port 137 and 139, but
they seem unrelated, i might try answering to netbios-ns lookups and see
what happens, if i find a smaller beast than samba to use, that is.


_______________________________________________
firewall-wizards mailing list
firewall-wizardsat_private
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Next message: Dominic Malig: "[fw-wiz] Proverbial appliance vs software based firewall"
• Previous message: Paul D. Robertson: "Re: [fw-wiz] Variations of firewall ruleset bypass via FTP"
• In reply to: Luca Berra: "Re: [fw-wiz] RE: Help w/ Port 137 Traffic"
• Next in thread: Mikael Olsson: "Re: [fw-wiz] RE: Help w/ Port 137 Traffic"
• Next in thread: R. DuFresne: "Re: [fw-wiz] RE: Help w/ Port 137 Traffic"
• Reply: Mikael Olsson: "Re: [fw-wiz] RE: Help w/ Port 137 Traffic"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Oct 14 2002 - 10:05:47 PDT