Usually I have found that most of my port 137 log entries went to employees
who had laptops or attempted to configure WINS (which is Netbios Name
Service) at home to my internal server numbers.
Port 113 is IDENT, which is used to identify incoming connections as
specified in the RFC 1413 document. (from the man page). I have found that
these are common place - but running the identd services is usually a hugh
security hazard.
Dave Smith
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, July 22, 1999 11:05 AM
Subject: A few questions about certain ports
> Hi folks,
>
> I've recently had many reject querys on port 113 and 137 on our
> firewall. These ports are most often used for auth and netbios-ns.
>
> I'm curious as to why I am getting serverl different hosts sending
> packets to these ports. Is this something I should be suspicious about
> and should report?
>
> Also (being new to the firewall business), what is the best way to report
> something. Attempt to contact the hostmaster of the domain the query
> came from? Tell them? or what... Thanks bunches.
>
> Sincerely,
> Josh Estelle
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
