On 7/15/03 11:59 AM, "Graeme Fowler" wrote:

> Not necessarily...
>
> This could well be a client of yours, or a client of a client, or a
> regular visitor to a single website on your machine. Or someone who
> sends email to someone using your machine for email (you get the idea).
>
> Before anybody runs off saying "but that's a WINDOWS PORT!", hear me
> out: older, slightly more brain-dead Windows versions - I forget which,
> exactly, but ISTR 95, 98, 98se and ME as culprits - often tried to
> prefix every TCP connection with a NetBIOS name lookup attempt. This was
> frequently because they couldn't determine the difference between local
> and non-local remote hosts, or were misconfigured to specifically
> attempt DNS using NetBIOS before doing anything else.
>
> It could, just as easily, be someone scanning you: but if they keep
> hitting a non-operational port, what do you have to worry about?
>
> There is no need, whatsoever, for you to monitor port 135, unless you're
> running services upon it. Doing so is a little like keeping an eye on a
> specific brick in the wall of your house, just in case someone tries to
> chisel the mortar out and look through the hole.
>
> I'd look through your mail logs and see if that IP address features in
> there at all. I'll wager you'll find POP3 connections from it, every
> fifteen minutes, for hours on end.

Great reply, helped me understand a bit more on the port scans we see all the time. Thanks!!

--
Thanks!!
David Thurman
List Only at Web Presence Group Net

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
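
The check suggested in the quoted reply (look for the source IP in the mail logs and see whether it polls POP3 on a fixed schedule) can be scripted. This is an added example, not part of the original thread; the log line format, the `pop3d` tag and the addresses are constructed assumptions, so adjust the pattern to your own mail log.

```python
import re
import statistics
from datetime import datetime

# Constructed sample lines in a generic syslog style; a real POP3 daemon's
# format will differ, so adjust LINE_RE to match your own mail log.
SAMPLE_LOG = """\
Jul 15 09:00:02 host pop3d[2101]: connect from 192.0.2.44
Jul 15 09:07:40 host pop3d[2105]: connect from 198.51.100.9
Jul 15 09:15:01 host pop3d[2110]: connect from 192.0.2.44
Jul 15 09:30:03 host pop3d[2122]: connect from 192.0.2.44
Jul 15 09:45:02 host pop3d[2131]: connect from 192.0.2.44
Jul 15 10:00:04 host pop3d[2140]: connect from 192.0.2.44
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+pop3d\[\d+\]:\s+"
    r"connect from (?P<ip>\d+\.\d+\.\d+\.\d+)\s*$"
)

def pop3_times(log_text, ip, year=2003):
    """Return sorted connection times for `ip` (syslog lines carry no year)."""
    times = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group("ip") == ip:
            times.append(datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S"))
    return sorted(times)

def polling_interval(times, tolerance=0.1, min_hits=4):
    """Return the median gap in minutes if the gaps are regular, else None."""
    if len(times) < min_hits:
        return None
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    median = statistics.median(gaps)
    if median == 0:
        return None
    if all(abs(g - median) <= tolerance * median for g in gaps):
        return round(median / 60)
    return None

if __name__ == "__main__":
    suspect = "192.0.2.44"  # constructed address, as if copied from a firewall log entry
    minutes = polling_interval(pop3_times(SAMPLE_LOG, suspect))
    if minutes:
        print(f"{suspect} polls POP3 about every {minutes} min: likely a mail client")
    else:
        print(f"{suspect} shows no regular POP3 polling")
```

A source that shows up here with a steady interval is most likely a mail user's desktop, which fits the explanation given in the quoted reply for the stray connection attempts.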
