If the volume becomes disturbing, maybe it's worthwhile to DENY them in
ipchains without logging?
Regards
Gustav
"Thomas Ribbrock (Design/DEG)" wrote:
>
> On Thu, Dec 16, 1999 at 02:38:53PM -0600, Jeff Smelser wrote:
> > Today, as for the last few days, I have been trying to track this down.
> > Please help.
> >
> > Dec 16 13:27:38 c465357-a portsentry[8432]: attackalert: Connect from
> > host: 12.30.163.51/12.30.163.51 to UDP port: 137
>
> Port 137? That doesn't have to be an attack. It might well be one of
> these tremedously annoying IIS servers. I had several of these cases -
> web sites which - upon connecting - would start spewing out connections
> to port 137 (netbios, AFAIK). In fact, there were so many of them that I
> had to remove port 137 from my PortSentry list, as it was preventing me
> from accessing certain web pages. If I'm right, you might want to send
> them a polite mail telling them about the problem and send a hate mail
> to Redmond...
>
> Thomas
--
pgp = Pretty Good Privacy.
To get my public pgp key, send an e-mail to: [EMAIL PROTECTED]
Visit my web site at http://www.schaffter.com
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
