On Mon, Mar 06, 2000 at 06:56:48AM -0800, Christopher Adams, Sr. wrote:
> If my memory serves me correctly, 137 is the port for IMAP. Over the past two years
>especially, CERT and BUGTRAQ have been warning against increasing IMAP attacks. If
>you do not run IMAP, then you can ignore these probes. If you are supporting a
>bulletin board service, then you had better tighten up your security/rules.
Your memory does not serve you correctly. Port 137 is for netbios
name service. IMAP is 143.
Ports 135-139 are all reserved for Microsoft protocols. They've
now also added 445. I block all those ports inbound and outbound through
my firewall unconditionally.
>From the IANA port-numbers file:
] epmap 135/tcp DCE endpoint resolution
] epmap 135/udp DCE endpoint resolution
] # Joe Pato <[EMAIL PROTECTED]>
] profile 136/tcp PROFILE Naming System
] profile 136/udp PROFILE Naming System
] # Larry Peterson <[EMAIL PROTECTED]>
] netbios-ns 137/tcp NETBIOS Name Service
] netbios-ns 137/udp NETBIOS Name Service
] netbios-dgm 138/tcp NETBIOS Datagram Service
] netbios-dgm 138/udp NETBIOS Datagram Service
] netbios-ssn 139/tcp NETBIOS Session Service
] netbios-ssn 139/udp NETBIOS Session Service
[...]
] microsoft-ds 445/tcp Microsoft-DS
] microsoft-ds 445/udp Microsoft-DS
] # Pradeep Bahl <[EMAIL PROTECTED]>
Microsoft uses port 135 for their RPC end point mapper even though
it is not strictly "DCE" per se.
Mike
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
(The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
