On Monday 28 May 2001 11:15, James Friesen wrote: > This is simply MS services trying to do name searches using WINS > resolution. Disable NetBIOS if you want to eliminate these messages. > > It woule be nice if these packets could turn themselves off past the > router. Huh? My firewall was also scanned by intruder.rs88.net (208.50.149.200) and I was not trying to perform any kind of WINS resolution. NetBIOS has no home on my network, either. The only port open on my firewall is 22. Maybe M[r/s]. intruder is scanning for ssh servers? > >:> -----Original Message----- > >:> From: Simos Xenitellis [mailto:simosat_private] > >:> Sent: Sunday, May 27, 2001 4:39 PM > >:> To: Jason Lewis > >:> Cc: INCIDENTSat_private > >:> Subject: RE: Scanning from a "intruder.rs88.net"? > >:> > >:> On Sun, 27 May 2001, Jason Lewis wrote: > >:> > What is running on the machine these logs came from? Web, DNS, FTP? > >:> > > >:> > Microsoft boxes attempt to connect via NetBIOS or do WINS > >:> > >:> lookups on servers > >:> > >:> > they are trying to use services on. A windows box will try > >:> > >:> to connect on > >:> > >:> > port 137 if it is trying to access your web server. I dump > >:> > >:> all that traffic > >:> > >:> > at my border router. > >:> > >:> It is not a WWW server. > >:> It appears to have ports 22 and 80 firewalled. > >:> > >:> simos
This archive was generated by hypermail 2b30 : Mon May 28 2001 - 21:14:01 PDT