Whenever I send email to a specific server, the server tries to connect to my server on port 137. Any ideas what is going on there? Is that one misconfigured? I mean I could sniff that traffic and see what it is, but does anybody know what it is and why?

Thanks
Raffy
Whenever I send email to a specific server, the server tries to connect to my server on port 137.
I don't know, but you can see: (for colsfaq)

5.7) I'm seeing repeated probes to port xxxx... What does this mean?

Here are some lists of port assignments:

- IANA Port Assignments: http://www.isi.edu/in-notes/iana/assignments/port-numbers - "Official" port assignment from the Internet Assigned Numbers Authority.
- Port list at NetworkIce: http://advice.networkice.com/advice/Exploits/Ports - List of ports and hyperlinked explanations that includes 'less standard' ports.
- List of Trojans: http://www.tlsecurity.com/trojanh.htm - The most complete list of trojan ports available.
- Port Search Engine: http://www.cotse.com/cgi-bin/port.cgi - Very nice search engine for ports, links results to relevant RFC's.

For a more in depth analysis of what you're seeing, see Robert Graham's Firewall forensics FAQ: http://www.robertgraham.com/pubs/firewall-seen.html
Any ideas what is going on there? Is that one misconfigured? I mean I could sniff that traffic and see what it is, but does anybody know what it is and why?
Thanks
Raffy
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
On Wed, Jan 10, 2001 at 06:06:00PM +0100, Raffy wrote:
Whenever I send email to a specific server, the server tries to connect to my server on port 137.
137/TCP is the NETBIOS Name Service. So the remote mailserver might be a (misconfigured?) Windows-Box. It's nothing dangerous, AFAIK.

Martin

--
Disclaimer: This email is subject to copyright and is intended only for the person(s) named. You may not disclose the contents of this email to other person(s) or take copies of it without the permission of the author.
PGP/GPG encrypted mail preferred, my public-key is available at http://empyreum.de/pgp-keys/MH.asc - ID: 1FEA0DF4 - the fingerprint is 3A8B 6A9A 3353 8CE7 9C95 31C8 0277 FA58 1FEA 0DF4
On Wed, 10 Jan 2001, Raffy wrote:
Whenever I send email to a specific server, the server tries to connect to my server on port 137.
Any ideas what is going on there? Is that one misconfigured? I mean I could sniff that traffic and see what it is, but does anybody know what it is and why?
Your mailserver is probably hosted on a Windows machine that also features NetBIOS. NetBIOS is just sniffing at your computer then when you contact that machine.

-- Groetjes vanwege... Greetings from... --
-- Dieter Demerre *** ddemerre@acm.org --
-- http://www.angelfire.com/de/ddemerre/ --
participants (4)
- Carlos
- Dieter Demerre
- Martin Hermanowski
- Raffy