Re: port 139
On Fri, 11 Jan 2002, Lim Seow Keang wrote: Hi! I totally zero about security. I have no idea how secure is my NT4 server. Just wonder how people hack port 139. Can someone tell where can I get the tools to hack in my NT4 .. ? You don't need hacking tools to secure a server. In the case of port-level services, if you block access to the port, that's readily verified by either netstat or a port scanner. I just wanna to know how to hack in port 139 and later how to protect it back. Don't expose port 139 to the Internet and that particular vector of attack is closed down from Internet-based attackers. Paul - Paul D. Robertson My statements in this message are personal opinions [EMAIL PROTECTED] which may have no basis whatsoever in fact. ___ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
Re: port 139 scans -- found cause
After working with both ISP's that the scan originated from, we discovered they were both trying out a new Linux network neighborhood browser called Gnomba. More info on this tool can be found at: http://stute.jacobus.stevens-tech.edu/~gandalf/proj/gnomba/in dex.html Apparently it is a senior project at this university, and there are still a few bugs. I am still trying to determine whether it only browses a specific work group like the MS network neighborhood, or if it scans for _any_ workgroup exposed to the net. Guess this is why we block SMB at the firewall... I did get a couple reports from the list on other address ranges that were scanned, so this doesn't seem to be a local issue. Thanks for all your responses. Dan Lenhard System Admin [EMAIL PROTECTED] - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]