[Snort-users] DNS TO 137

Togan Muftuoglu toganm at ...603...
Fri May 18 10:25:03 EDT 2001


Hi 
As you can see clearly below thre is a traffic from port 53 to 137
(netbios) now those two ips are the nameservers for my isp that I have
an ADSL Connection which I use roaring penquin. 

I have my resolve.conf 

nameserver 127.0.0.1
search my.domain

and there is no forwarding in the named.conf I do want to believe that
this is indeed bad traffic but with five second intervals from two
named servers to my pc on port 137 is questioning for me.

TIA

-- 
Togan Muftuoglu

=-=-=-=-=-=-=-=-=-=
May 18 16:10:03 gardiyan snort: MISC source port 53 to <1024 [Classification: Potentially Bad Traffic   Priority: 2]: 212.156.4.4:53 -> 212.156.196.133:137
May 18 16:10:08 gardiyan snort: MISC source port 53 to <1024 [Classification: Potentially Bad Traffic   Priority: 2]: 212.156.4.20:53 -> 212.156.196.133:137










More information about the Snort-users mailing list