You should definitely block this from entering your network, as with all other unused
services. I don't know of any exploits using this port, but "where there's a will
there's a way"... (sorry for the cliché)
I would also contact the source (look up their IP address at ARIN, or APNIC, or RIPE),
and tell them that they are advertising to the world the fact that they are NetWare
users.
The standard response is "How did you know we run Novell"...
cheers..
>>> Randy Witlicki <[EMAIL PROTECTED]> 01/31/01 12:48PM >>>
Hi,
I occasionally see connect attempts coming from
random hosts on the internet to some of the web servers
I maintain to TCP port 524.
I understand this is used by Novell as part of their
protocol stack.
Should I just block these at the border router and
forget about them the same as I do with udp/137 which
is a Windows PC trying to do a NetBIOS name lookup?
(is it the same thing - the default way a machine works
as opposed to an active exploit?)
Thanks for any advice.
- Randy
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]