[Snort-users] Very interesting packet

Fyodor fygrave at ...121...
Sun Jul 30 06:39:19 EDT 2000


~ :
~ :Good guess!  But it looks like they are sequentially scanning systems
~ :blindly, they scanned 7 systems of mine that do not exist.  So, if
~ :they do not get any response, they either have a Windows box, or
~ :no box at all.  Seems to be easier ways to get info ?!?
~ :

Blind guess: I've been seeing udp 137<-->137 traffic being rejected on my
firewalls for quite long time. Further investigation showed up that if
netbios is configured on external `interface' of windoze box, windoze
tries to resolve remote boxen name via netbios as well. Maybe this is
another breed of microsoft crawling featurism? :)





More information about the Snort-users mailing list