Hmm
I think that those scans aren't really port-scans, I think that it just are
broadcasts, spread on the net from bad configured routers, forwarding
broadcasts from a Windows-based network.
It's better to block them, in both directions.
Erwin
> I've also seen a number of scans to port 137 that hit every IP
> address in my pool. As a matter of security I block it at the
> firewall from going in or out. I also block ports 138 and 139.
>
> When it's just hitting the IP address of my web server I just
> ignore them.
>
>
> Philipp Buehler wrote:
> >
> > John Adams wrote To [EMAIL PROTECTED]:
> > >
> > > Recently while analyzing log data, I've noticed an
> absolutely large number
> > > of denials to port 137, udp
> >
> > If the source is 137 too, then it is only a user browsing your web-
> > server [or whatever] and has WINS lookup on and in wrong
> order to DNS.
> >
> > > Anyone seen this on their DMZ ?
> > A lot. M$ takes it all.
> >
>
> --
> | Bryan Andersen | [EMAIL PROTECTED] |
> http://softail.visi.com |
> | Buzzwords are like annoying
> little flies that deserve to be swatted. |
> | -Bryan Andersen
> |
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
