10 Best Engines
Mark L. Chang
mchang at ee.washington.edu
Thu Jan 18 10:18:50 EST 2001
On Thu, 18 Jan 2001 isham-research.freeserve.co.uk at pop.pol.net.uk wrote:
> Hmm. Go wardsauto go, in my case. My firewall blocks probing by this
> site - what are they up to:
>
> FWIN,2001/01/18,10:24:58 +0:00 GMT,212.140.65.206:137,212.140.65.255:137,UDP
> FWIN,2001/01/18,10:25:20 +0:00 GMT,212.140.65.182:137,212.140.65.255:137,UDP
> FWIN,2001/01/18,10:25:48 +0:00 GMT,212.140.65.112:138,212.140.65.255:138,UDP
> FWIN,2001/01/18,10:25:54 +0:00 GMT,212.140.65.110:137,212.140.65.255:137,UDP
> FWIN,2001/01/18,10:26:02 +0:00 GMT,212.140.65.110:138,212.140.65.255:138,UDP
> FWIN,2001/01/18,10:26:44 +0:00 GMT,212.140.65.214:137,212.140.65.255:137,UDP
UDP packets courtesy of Netbios. Specifically:
netbios-ns 137/tcp nbns
netbios-ns 137/udp nbns
netbios-dgm 138/tcp nbdgm
netbios-dgm 138/udp nbdgm
netbios-ssn 139/tcp nbssn
You shouldn't be getting any of these from outside your intranet unless
someone is doing strange WINS resolution to your network, or in the case
you are bridging networks knowingly.
Could be an attack, could be ignorance.
--
To boldly split infinitives that no man had split before.
-- Douglas Adams, _The Hitchhiker's Guide to the Galaxy
More information about the quattro
mailing list