On Wed, Jan 24, 2001 at 09:05:06AM +0100, Mikael Abrahamsson wrote:
> Anyone know of a NBNAME attack, or have an explanation to this behaviour?
> The machine might be hacked, but I would like to know why it might be
> scanning etc.
NT Servers (IIS WEB and FTP at least) will contact clients in the netbios
nameserver port to retrieve client infos. I think this is related somehow to
the logging and authentication. But it is a default and I am not aware of
additional Data beeing collected. So reject and ignore the requests.
Greetings
Bernd
--
(OO) -- [EMAIL PROTECTED] --
( .. ) ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
o--o *plush* 2048/93600EFD eckes@irc +497257930613 BE5-RIPE
(O____O) When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
