[Snort-users] DNS TO 137
toganm at ...603...
Fri May 18 10:25:03 EDT 2001
As you can see clearly below thre is a traffic from port 53 to 137
(netbios) now those two ips are the nameservers for my isp that I have
an ADSL Connection which I use roaring penquin.
I have my resolve.conf
and there is no forwarding in the named.conf I do want to believe that
this is indeed bad traffic but with five second intervals from two
named servers to my pc on port 137 is questioning for me.
May 18 16:10:03 gardiyan snort: MISC source port 53 to <1024 [Classification: Potentially Bad Traffic Priority: 2]: 18.104.22.168:53 -> 22.214.171.124:137
May 18 16:10:08 gardiyan snort: MISC source port 53 to <1024 [Classification: Potentially Bad Traffic Priority: 2]: 126.96.36.199:53 -> 188.8.131.52:137
More information about the Snort-users