It looks more like a misconfigured Windows box trying to get WINS information from
you.
Try phoning the owner to check. It might be someone taking a computer home from work
with the wrong set-up.
DNS for that IP gives:
03/01/01 20:55:28 dns 167.160.241.245
nslookup 167.160.241.245
Canonical name: 241-245.master-link.com
Addresses:
167.160.241.245
with ARIN WHOIS information:
03/01/01 20:55:12 whois [EMAIL PROTECTED]
whois -h whois.arin.net !netblk-ml-8 ...
MasterLink, Inc. (NETBLK-ML-8)
353 Bel Marin Keys Blvd., Ste 14
Novato, CA 94949
US
Netname: ML-8
Netblock: 167.160.240.0 - 167.160.255.255
Maintainer: MSLK
Coordinator:
MasterLink Hostmaster (MH106-ORG-ARIN) [EMAIL PROTECTED]
415.884.3464
Fax- 415.884.2141
Record last updated on 10-Apr-2000.
Database last updated on 1-Mar-2001 18:49:45 EDT.
The ARIN Registration Services Host contains ONLY Internet
Network Information: Networks, ASN's, and related POC's.
Please use the whois server at rs.internic.net for DOMAIN related
Information and whois.nic.mil for NIPRNET Information.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, March 01, 2001 19:30
To: [EMAIL PROTECTED]
Subject: Interpret Pix log
Hi,
I am new at reading the PIX log and I know someone out there can help me
interpret these messages. I started receiving hundreds of messages like
these today. It seems like the address 167.160.241.245 is scanning through
the ports 16000 and higher trying to get to any address in the subnet
12.25.196.0 and 12.25.199.0 on port 137, which is the NetBIOS Name Service port.
Does it mean someone is sniffing my network? Thanks.
Mar 01 2001 15:23:15: %PIX-2-106006: Deny inbound UDP from
167.160.241.245/16148 to 12.25.196.206/137 on interface outside
Mar 01 2001 15:23:15: %PIX-2-106006: Deny inbound UDP from
167.160.241.245/16148 to 12.25.196.206/137 on interface outside
Mar 01 2001 15:23:15: %PIX-2-106006: Deny inbound UDP from
167.160.241.245/16148 to 12.25.196.206/137 on interface outside
Mar 01 2001 15:23:15: %PIX-2-106006: Deny inbound UDP from
167.160.241.245/16148 to 12.25.196.206/137 on interface outside
Mar 01 2001 15:23:15: %PIX-2-106006: Deny inbound UDP from
167.160.241.245/16310 to 12.25.196.146/137 on interface outside
Mar 01 2001 15:23:15: %PIX-2-106006: Deny inbound UDP from
167.160.241.245/16310 to 12.25.196.146/137 on interface outside
Mar 01 2001 15:23:15: %PIX-2-106006: Deny inbound UDP from
167.160.241.245/16310 to 12.25.196.146/137 on interface outside
Mar 01 2001 15:23:15: %PIX-2-106006: Deny inbound UDP from
167.160.241.245/16310 to 12.25.196.146/137 on interface outside
Mar 01 2001 15:23:15: %PIX-2-106006: Deny inbound UDP from
167.160.241.245/16310 to 12.25.196.146/137 on interface outside
Mar 01 2001 15:23:15: %PIX-2-106006: Deny inbound UDP from
167.160.241.245/16310 to 12.25.196.146/137 on interface outside
....
Mar 01 2001 15:40:54: %PIX-2-106006: Deny inbound UDP from
167.160.241.245/21190 to 12.25.196.74/137 on interface outside
Mar 01 2001 15:40:54: %PIX-2-106006: Deny inbound UDP from
167.160.241.245/21190 to 12.25.196.74/137 on interface outside
Mar 01 2001 15:40:55: %PIX-2-106006: Deny inbound UDP from
167.160.241.245/22044 to 12.25.199.154/137 on interface outside
Mar 01 2001 15:40:55: %PIX-2-106006: Deny inbound UDP from
167.160.241.245/22044 to 12.25.199.154/137 on interface outside
Mar 01 2001 15:40:55: %PIX-2-106006: Deny inbound UDP from
167.160.241.245/21190 to 12.25.196.74/137 on interface outside
Mar 01 2001 15:40:55: %PIX-2-106006: Deny inbound UDP from
167.160.241.245/21190 to 12.25.196.74/137 on interface outside
Mar 01 2001 15:40:55: %PIX-2-106006: Deny inbound UDP from
167.160.241.245/21190 to 12.25.196.74/137 on interface outside
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
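
Added example, not part of the original thread: a small Python triage script for `%PIX-2-106006` records like those quoted above, separating retried packets from distinct flows and telling a one-port sweep across many hosts from a port scan of one host. The function names, the threshold of 3 and the second source (documentation addresses) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# PIX 106006 record, matched after mail-wrapped lines are rejoined.
PIX_106006 = re.compile(
    r"%PIX-2-106006: Deny inbound UDP from (?P<src>[\d.]+)/(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+)/(?P<dport>\d+) on interface (?P<ifc>\S+)")

# Constructed sample: thread-style records plus an invented contrast source.
SAMPLE_LOG = """\
Mar 01 2001 15:23:15: %PIX-2-106006: Deny inbound UDP from
167.160.241.245/16148 to 12.25.196.206/137 on interface outside
Mar 01 2001 15:23:15: %PIX-2-106006: Deny inbound UDP from
167.160.241.245/16148 to 12.25.196.206/137 on interface outside
Mar 01 2001 15:23:15: %PIX-2-106006: Deny inbound UDP from
167.160.241.245/16310 to 12.25.196.146/137 on interface outside
Mar 01 2001 15:40:55: %PIX-2-106006: Deny inbound UDP from
167.160.241.245/22044 to 12.25.199.154/137 on interface outside
Mar 01 2001 15:41:02: %PIX-2-106006: Deny inbound UDP from
192.0.2.7/40000 to 198.51.100.9/53 on interface outside
Mar 01 2001 15:41:02: %PIX-2-106006: Deny inbound UDP from
192.0.2.7/40001 to 198.51.100.9/69 on interface outside
Mar 01 2001 15:41:03: %PIX-2-106006: Deny inbound UDP from
192.0.2.7/40002 to 198.51.100.9/161 on interface outside
"""

def summarize(log_text):
    """Per source: packet count, distinct flows, destination hosts and ports."""
    joined = " ".join(log_text.split())  # undo line wrapping
    stats = defaultdict(lambda: {"packets": 0, "flows": set(),
                                 "hosts": set(), "ports": set()})
    for m in PIX_106006.finditer(joined):
        s = stats[m["src"]]
        s["packets"] += 1  # retries of the same query count here
        s["flows"].add((m["sport"], m["dst"], m["dport"]))  # but only once here
        s["hosts"].add(m["dst"])
        s["ports"].add(int(m["dport"]))
    return dict(stats)

def classify(s, threshold=3):
    """Label the pattern; threshold is an assumed cut-off, tune it per site."""
    if len(s["ports"]) == 1 and len(s["hosts"]) >= threshold:
        return "udp/%d sweep" % min(s["ports"])
    if len(s["hosts"]) == 1 and len(s["ports"]) >= threshold:
        return "port scan of one host"
    return "unclassified"

if __name__ == "__main__":
    for src, s in summarize(SAMPLE_LOG).items():
        print(src, s["packets"], "pkts", len(s["flows"]), "flows", classify(s))
```

A `udp/137 sweep` label only describes the traffic shape; it does not distinguish a misconfigured Windows host from deliberate NetBIOS enumeration, so the reverse DNS and WHOIS follow-up shown in the reply is still needed.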