On Fri, 26 May 2000, Don Hansford wrote:
Bill Moseley wrote:
Anyone know what people are trying when they try to connect to port 137?
I may be wrong (wouldn't be the first time) but quite a lot of these so-called "probes" that firewalls report, are simply your ISP doing a form of 'ping' to see if your network (or dialup) connection is still active. In this day & age of bandwidth shortages, it is in the ISPs' interest to kil your connection (if he uses NT), or 'renice' it (with Unix) to free up a few kbps.
Most of the complaints will come from people with either a DSL or a cable modem. Now some ISPs do scan those [When @Home was facing it's UDP it was supposedly scanning users] but most of the attacks will hit well known ports. Ports with well known weakness.
'Fraid so There really can't be that many script-kiddies out there!
I've been probed by literally every major European country. [Including Russia and Turkey] Most of North America, Austrialia,Japan and Korea. There are enough people out thier scanning for various reasons so that most days I'll see something. It's sad but better safe then sorry. Most people either have an old out date computer lying around or can get one fairly cheap. They aren't much use for modern windows users but make great firewall machines. Recycle turn old computers into firewalls-) Nick -- Nick Zentena "The Linux issue," Wladawsky-Berger explained, "is whether this is a fundamentally disruptive technology, like the microprocessor and the Internet? We're betting that it is." -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/