On 13 Aug 2003, Frank Tegtmeyer wrote:
> Julian Church <[EMAIL PROTECTED]> writes:
>
> > Since the packets you're seeing are pretty much exclusively harmless
> > "chatter" it's more user friendly this way.
>
> You mean Windows users using the Internet as "network neighborhood"?
> I'm not too familiar with Windows hosts connected to the Internet
> through modem/isdn/dsl/..., so what you say may be correct.
Someone decides to setup a windows server to serve web pages (for
example). You google around and encounter this webserver. Because the
admins are pretty clueless, they have it configured to do name lookups
through windows networking before dns. The server sees your source ip
address (well, at least the external one on your firewall), and decides it
wants to record a name instead of an ip address in the logs. Windows then
starts sending packets to the windows networking ports du jour (135 and/or
445, I think?), and if it receives no response, tries a few more times. By
sending a REJECT right away, this nonsense is cut off as soon as possible,
and the server either falls back to dns or records an ip number instead of
a name.
> I interpreted Windows traffic coming from the Internet as part of a scan
> always. So there would be no need to be friendly. If this traffic is
> generated by accident in most cases the default of rejecting would be
> justified.
Yup. The misconfigured windows server is by far the most common...
attributing malice to these packets will leave you tilting at windmills.
A real scan will usually hit OTHER ports as well.
---------------------------------------------------------------------------
Jeff Newmiller The ..... ..... Go Live...
DCN:<[EMAIL PROTECTED]> Basics: ##.#. ##.#. Live Go...
Live: OO#.. Dead: OO#.. Playing
Research Engineer (Solar/Batteries O.O#. #.O#. with
/Software/Embedded Controllers) .OO#. .OO#. rocks...2k
---------------------------------------------------------------------------
-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
