On Tue, 6 Jan 1998, C. Jon Larsen wrote:
Is there any *valid* reason to see UDP traffic directed at a unix box's port 137 coming from IP sources across the internet? The unix servers in question are most definitely *not* running samba, and there is absolutely no NT anywhere on this customer's network (that is seeing the incoming UDP traffic directed at an IP destination address on port 137). (A couple of 95 boxes scattered across an Ethernet comprise the Micro$oft part of the network). None of the 95 boxen are running any file or print serving (sharing) resources. [stuff cut]

Hi Jon.

If memory serves, NetBIOS name services are generally only on the same segment unless you have an NT/Samba server somewhere... As it is, it should *NOT* be directed at your Unix boxes and definitely not coming across the Internet. My guess is that someone may be attempting a bad OOB data attack on port 137 thinking that your Unix box is some type of PC.

Mel

Melody Lynn Yoon melodyy@best.com | Graduate - '97 MSF
Senior SA - Taos Mountain Software, Santa Clara, CA | NRA Member
-- I do not accept commercial, unsolicited email --
http://www.best.com/~melodyy/spam.policy.html