I've also seen a number of scans to port 137 that hit every IP
address in my pool. As a matter of security I block it at the
firewall from going in or out. I also block ports 138 and 139.
When it's just hitting the IP address of my web server I just
ignore them.
Philipp Buehler wrote:
>
> John Adams wrote To [EMAIL PROTECTED]:
> >
> > Recently while analyzing log data, I've noticed an absolutely large number
> > of denials to port 137, udp
>
> If the source is 137 too, then it is only a user browsing your web-
> server [or whatever] and has WINS lookup on and in wrong order to DNS.
>
> > Anyone seen this on their DMZ ?
> A lot. M$ takes it all.
>
--
| Bryan Andersen | [EMAIL PROTECTED] | http://softail.visi.com |
| Buzzwords are like annoying little flies that deserve to be swatted. |
| -Bryan Andersen |
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
