On Wed, 12 Jan 2000, Andrew Moss wrote:
AM} HI All,
AM} I'm having trouble understanding some activity on one of our
AM} firewalls
AM}
AM} Starting today at 15:31 and going through till 15:39 every couple of
AM} seconds a host tried to send packets to UDP port 137 from port 137.
AM}
AM} anyone ever seen this before.
Yes, its a constant pain. This is a NetBIOS Name Service request from a
Windows?? system.
AM} The box they are trying to connect to is a WinNT 4.0 sp6a running
AM} Microsoft Proxy Server 2.0 wins is disabled on all external interfaces
The source system has been able to detect that your system is a WindowsNT
Server. If the source system is not sending, specifically, to your Proxy
Server, you did not shut down all services.
Early last year, we tried using the Microsoft Proxy Server at a customer
site. We had a lot of trouble due to errors in the documentation and
several KnowledgeBase articles getting the external interface to stop
disclosing that it was a WindowsNT Server.
I don't recall what we had to do to make it "hold its tongue" as we
discovered that it couldn't really do what we wanted and was painfully
slow. We replaced WindowsNT with BSD/OS and used Squid as the proxy
server. Faster, more secure, and supported the entire user community
without resorting to diddling internal default routes.
Merton Campbell Crockett
+--------------------------------------------------------------------------+
| Manager, Network Operations & Services | Chief Network/Security Engineer |
| General Dynamics Electronic Systems | Naval Surface Warfare Center |
| Intelligence Systems Organization | Port Hueneme Division |
| Thousand Oaks, CA | Port Hueneme, CA |
+--------------------------------------------------------------------------+
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
