On 13 Aug 2003, Frank Tegtmeyer wrote: > Julian Church <[EMAIL PROTECTED]> writes: > > > Since the packets you're seeing are pretty much exclusively harmless > > "chatter" it's more user friendly this way. > > You mean Windows users using the Internet as "network neighborhood"? > I'm not too familiar with Windows hosts connected to the Internet > through modem/isdn/dsl/..., so what you say may be correct.
Someone decides to setup a windows server to serve web pages (for example). You google around and encounter this webserver. Because the admins are pretty clueless, they have it configured to do name lookups through windows networking before dns. The server sees your source ip address (well, at least the external one on your firewall), and decides it wants to record a name instead of an ip address in the logs. Windows then starts sending packets to the windows networking ports du jour (135 and/or 445, I think?), and if it receives no response, tries a few more times. By sending a REJECT right away, this nonsense is cut off as soon as possible, and the server either falls back to dns or records an ip number instead of a name. > I interpreted Windows traffic coming from the Internet as part of a scan > always. So there would be no need to be friendly. If this traffic is > generated by accident in most cases the default of rejecting would be > justified. Yup. The misconfigured windows server is by far the most common... attributing malice to these packets will leave you tilting at windmills. A real scan will usually hit OTHER ports as well. --------------------------------------------------------------------------- Jeff Newmiller The ..... ..... Go Live... DCN:<[EMAIL PROTECTED]> Basics: ##.#. ##.#. Live Go... Live: OO#.. Dead: OO#.. Playing Research Engineer (Solar/Batteries O.O#. #.O#. with /Software/Embedded Controllers) .OO#. .OO#. rocks...2k --------------------------------------------------------------------------- ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html