Possible probe of port 137 using udp 50?????

From: Carder James O CNIN CONT (CarderJOat_private)
Date: Mon Aug 13 2001 - 06:10:04 PDT

Next message: martin.goudreaultat_private: "Re: Winnt/Win2k Vuln ?"

Previous message: Jonas Thambert: "RE: Wireless Lans give EVERYONE ACCESS"
Next in thread: Skinner, Kit: "RE: Possible probe of port 137 using udp 50?????"
Reply: Skinner, Kit: "RE: Possible probe of port 137 using udp 50?????"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Everybody,

	Just got a quick question.  I was reviewing logs on my shadow box
and noticed that for a period of a couple hours we had packet conversation
between two hosts ( one local and one remote ) through port 137 using udp
50.  My PIX acl's dont have any ruleset to allow this network in at all
except through say port 80 to our web servers.  Is this a known attack or
probe?  Thanks.

James Carder

Next message: martin.goudreaultat_private: "Re: Winnt/Win2k Vuln ?"
Previous message: Jonas Thambert: "RE: Wireless Lans give EVERYONE ACCESS"
Next in thread: Skinner, Kit: "RE: Possible probe of port 137 using udp 50?????"
Reply: Skinner, Kit: "RE: Possible probe of port 137 using udp 50?????"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Aug 13 2001 - 08:49:38 PDT