aah doom has aspergers.. that explains a lot :)

On 3 Feb 2012 22:10, [email protected] <[email protected]> wrote:
> Arserspeage.haha.
> Fku lamer.
>
> ----- Reply message -----
> From: "Zach C." <[email protected]>
> To: <[email protected]>
> Cc: "funsec" <[email protected]>, "RandallM" <[email protected]>, <[email protected]>, <[email protected]>
> Subject: [Full-disclosure] can you answer this?
> Date: Fri, Feb 3, 2012 8:04 pm
>
> The original message reads thus:
>
> > i was working with cleaning up "any to any" on fw. ran across inside
> > ips doing netbios (NS) , and one using port 4330 to 7.8.0.106, or
> > .107.
> >
> > a who is give .miil DoD Network Information Center.
> >
> > ?
> >
> > we are just a manufacturing company. One ip is from a NAS device for
> > staorage. The other is DNS server
>
> I expect it's supposed to read like this:
>
> "I was working on cleaning up my 'any to any' rulesets on my firewall and
> I ran across internal IPs using the NetBIOS protocol, which is unexpected
> behavior. One of my internal hosts also appears to be attempting to connect
> to 7.8.0.106 or 7.8.0.107 on port 4330. A WHOIS lookup tells me that those
> IPs belong to the IP range owned by the U.S. Department of Defense.
>
> What is going on? We're just a manufacturing company. One of the IPs
> participating in this traffic is supposed to be network storage, while the
> other is supposed to just do DNS."
>
> And because no one answered him, he decided to try another line of inquiry:
>
> "My firewall logs have also picked up traffic from our internal trusted
> network to an external untrusted network with entries such as:
>
> 2012-02-02 10:08:10 7.254.254.254:68 7.254.254.255:67 0.0.0.0:0
> 0.0.0.0:0 DHCP 0 sec. 0 0 Traffic Denied
>
> It was denied. What is happening here?"
>
> I have no idea what's happening there; I'd suggest looking at the machines
> for strange activity, maybe doing some tcpdumps and seeing if you can trace
> back any of the packets you find to any of your machines. But I can't think
> of any reason your internal machines should be trying to connect to those
> hosts. (Especially considering those hosts may not exist!)
>
> On Fri, Feb 3, 2012 at 12:31 AM, <[email protected]> wrote:
>
>> So what's the question?
>>
>> ------Original Message------
>> From: RandallM
>> Sender: [email protected]
>> To: funsec
>> To: [email protected]
>> Subject: [Full-disclosure] can you answer this?
>> Sent: 3 Feb 2012 08:20
>>
>> since no one could answer the last one how bout this. In my FW log
>> Trust (our 10.0.0.0. network) to untrust picked this up:
>>
>> 2012-02-02 10:08:10 7.254.254.254:68 7.254.254.255:67 0.0.0.0:0
>> 0.0.0.0:0 DHCP 0 sec. 0 0 Traffic Denied
>>
>> My "any" to "any" denied queue.
>>
>> --
>> been great, thanks
>> RandyM
>> a.k.a System
>>
>> Sent from my BlackBerry® wireless device
>
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
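The thread never settles what the denied entry means, but the triage a firewall admin would actually run on it is mechanical: parse the line, and check whether the source address belongs to the zone it was logged from, whether DHCP client/server ports are crossing a zone boundary, and whether the destination falls in an address block the company has no business talking to. The script below is an added example, not code from the list or from any poster. It assumes a column layout for the firewall line (timestamp, src:port, dst:port, translated src:port, translated dst:port, service, duration, bytes, action), because the product that produced the entry is not named; the trust network is the 10.0.0.0/8 RandallM mentions, the watched block is the /8 containing the 7.x addresses quoted in the thread, and the two extra log lines are constructed to exercise the other two checks.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Sample input. The first line is the entry quoted in the thread; the other
# two are constructed here to exercise the remaining checks.
SAMPLE_LOG = """\
2012-02-02 10:08:10 7.254.254.254:68 7.254.254.255:67 0.0.0.0:0 0.0.0.0:0 DHCP 0 sec. 0 0 Traffic Denied
2012-02-02 10:09:31 10.0.0.25:51234 7.8.0.106:4330 0.0.0.0:0 0.0.0.0:0 TCP 0 sec. 0 0 Traffic Denied
2012-02-02 10:10:02 10.0.0.40:44120 203.0.113.10:443 0.0.0.0:0 0.0.0.0:0 HTTPS 12 sec. 4210 9822 Traffic Permitted
"""

# Zone definitions. TRUST_NET is the poster's 10/8; WATCH_NETS is a constructed
# watchlist holding the /8 that contains every 7.x address in the thread.
TRUST_NET = ipaddress.IPv4Network("10.0.0.0/8")
WATCH_NETS = [ipaddress.IPv4Network("7.0.0.0/8")]
DHCP_PORTS = {67, 68}


@dataclass
class FwEvent:
    timestamp: str
    src: ipaddress.IPv4Address
    sport: int
    dst: ipaddress.IPv4Address
    dport: int
    service: str
    action: str


def parse_line(line: str) -> FwEvent:
    """Split one log line using the assumed column layout described above."""
    f = line.split()
    if len(f) < 13:
        raise ValueError(f"unexpected field count in {line!r}")
    src, sport = f[2].rsplit(":", 1)
    dst, dport = f[3].rsplit(":", 1)
    return FwEvent(
        timestamp=f"{f[0]} {f[1]}",
        src=ipaddress.IPv4Address(src),
        sport=int(sport),
        dst=ipaddress.IPv4Address(dst),
        dport=int(dport),
        service=f[6],
        action=" ".join(f[11:]),  # "Traffic Denied" / "Traffic Permitted"
    )


def findings(ev: FwEvent) -> list[str]:
    """Return the reasons a trust->untrust event deserves a look."""
    out: list[str] = []
    # A packet logged on the trust side carrying a non-10/8 source means some
    # host in that zone emitted an address it was not assigned; locate the
    # emitting host by its MAC on the switch, not by the IP.
    if ev.src not in TRUST_NET:
        out.append(f"source {ev.src} is outside trust network {TRUST_NET}")
    # DHCP should stay within a broadcast domain; seeing it at the zone edge
    # is worth a capture regardless of whether the firewall dropped it.
    if ev.service.upper() == "DHCP" or ev.sport in DHCP_PORTS or ev.dport in DHCP_PORTS:
        out.append("DHCP traffic reaching the trust/untrust boundary")
    for net in WATCH_NETS:
        if ev.dst in net:
            out.append(f"destination {ev.dst} is inside watched block {net}")
    return out


def triage(log_text: str) -> dict[str, list[str]]:
    """Map each log line's timestamp to its findings (empty list = nothing odd)."""
    report: dict[str, list[str]] = {}
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        report[ev.timestamp] = findings(ev)
    return report


if __name__ == "__main__":
    for ts, reasons in triage(SAMPLE_LOG).items():
        print(ts, "->", reasons or "nothing unusual")
```

The first line trips all three checks, which is exactly why it stands out in a deny queue: a 10/8 zone should never source a 7.254.254.254 packet, DHCP should not be reaching the zone edge at all, and the destination sits in the same block as the addresses the WHOIS lookup pointed at. The capture Zach suggests is the right next step; this just tells you which entries to capture for.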
