These are all on ports 137 and 138 which are reserved for :-

netbios-ns      137/tcp    NETBIOS Name Service
netbios-ns      137/udp    NETBIOS Name Service
netbios-dgm     138/tcp    NETBIOS Datagram Service
netbios-dgm     138/udp    NETBIOS Datagram Service

Perhaps you are running Samba? If so you could block off those addresses in your Samba config.

Derek

On Wednesday 21 November 2001 02:57, you wrote:
> We are in a mixed network, which includes a Cisco router, a 3COM switch
> common to the two networks and a hub where the gateway/firewall Linux computer
> is connected.
>
> One of the networks is my company network (192.168.X.X / 255.255.0.0. I am
> in charge of it) and the other network belongs to another company (10.10.X.X
> / 255.255.0.0). This company has a VPN. Now, they are accusing me of being a
> hacker, alleging we have tried to go into their VPN. As proof of that,
> they are showing the following type of message:
>
> Oct 21 04:09:49 localhost kernel: Packet log: input REJECT eth0 PROTO=6 213.107.153.72:4512 216.72.44.186:27374 L=48 S=0x00 I=24273 F=0x4000 T=109 SYN (#70)
> Oct 21 04:09:55 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.185:138 192.168.255.255:138 L=229 S=0x00 I=43989 F=0x000 T=128 (#71)
> Oct 21 04:10:01 localhost kernel: Packet log: input REJECT eth0 PROTO=6 213.107.153.72:4512 216.72.44.186:27374 L=48 S=0x00 I=24273 F=0x4000 T=109 SYN (#70)
> Oct 21 04:10:08 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.138:137 192.168.255.255:137 L=78 S=0x00 I=49285 F=0x000 T=32 (#71)
> Oct 21 04:10:16 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.20:138 192.168.2.255:138 L=238 S=0x00 I=56451 F=0x000 T=32 (#71)
> Oct 21 04:10:20 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.5:138 192.168.2.255:138 L=234 S=0x00 I=39272 F=0x000 T=128 (#71)
> Oct 21 04:11:08 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.5:137 192.168.2.255:138 L=78 S=0x00 I=39528 F=0x000 T=128 (#71)
> Oct 21 04:12:00 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.100:138 192.168.255.255:138 L=241 S=0x00 I=31461 F=0x000 T=128 (#71)
> Oct 21 04:14:04 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.172:137 192.168.255.255:137 L=78 S=0x00 I=50473 F=0x000 T=32 (#71)
>
> They have as many as 40 pages of this type of message, presenting this
> "deny" access as the evidence we have tried to penetrate their network.
>
> Since we are not interested in going into that VPN, nor have we tried to do
> it, please help me find a technical explanation for the "evidence" they
> have shown.
>
> Thanks.
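
The log excerpt quoted above can be checked mechanically. The following is an added example, not part of either message: it parses the "Packet log:" entries and separates UDP broadcasts to the NetBIOS ports named in the reply from everything else. The function names are hypothetical, and treating a /24 broadcast address (192.168.2.255) as a broadcast is an assumption; only the /16 netmask is stated in the message.

```python
import ipaddress
import re
from collections import Counter

# Fields of a "Packet log:" entry as they appear in the quoted excerpt.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) .*\(#(?P<rule>\d+)\)"
)
NETBIOS_UDP = {137: "netbios-ns", 138: "netbios-dgm"}  # ports listed in the reply
BCAST_PREFIXES = (16, 24)  # /16 is the stated netmask; /24 is an assumption

# Five entries from the quoted message, unwrapped onto one line each.
SAMPLE = """\
Oct 21 04:09:49 localhost kernel: Packet log: input REJECT eth0 PROTO=6 213.107.153.72:4512 216.72.44.186:27374 L=48 S=0x00 I=24273 F=0x4000 T=109 SYN (#70)
Oct 21 04:09:55 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.185:138 192.168.255.255:138 L=229 S=0x00 I=43989 F=0x000 T=128 (#71)
Oct 21 04:10:08 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.138:137 192.168.255.255:137 L=78 S=0x00 I=49285 F=0x000 T=32 (#71)
Oct 21 04:10:16 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.20:138 192.168.2.255:138 L=238 S=0x00 I=56451 F=0x000 T=32 (#71)
Oct 21 04:11:08 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.5:137 192.168.2.255:138 L=78 S=0x00 I=39528 F=0x000 T=128 (#71)
"""

def parse(line):
    """Return the entry's fields as a dict, or None for non-matching lines."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    return {k: int(v) if v.isdigit() else v for k, v in m.groupdict().items()}

def is_broadcast(addr):
    """True if addr is the broadcast address of its /16 or /24 network."""
    return any(ipaddress.ip_network(f"{addr}/{p}", strict=False).broadcast_address
               == ipaddress.ip_address(addr) for p in BCAST_PREFIXES)

def classify(e):
    """Label UDP (protocol 17) broadcasts to port 137/138; the rest is 'other'."""
    if e["proto"] == 17 and e["dport"] in NETBIOS_UDP and is_broadcast(e["dst"]):
        return NETBIOS_UDP[e["dport"]] + " broadcast"
    return "other"

def summarize(text):
    """Count entries per (classification, action, rule number)."""
    entries = filter(None, map(parse, text.splitlines()))
    return Counter((classify(e), e["action"], e["rule"]) for e in entries)

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE).items()):
        print(n, *key)
```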