On Wed, 6 Jun 2001, elawson wrote:
> I am curious why I frequently see these in my snort daily log.
> They appear to be in the route of or destinations of email sent from my
> server.
> 
>    attacks                    to               from
> =========================================================================
>    3 SMB Name Wildcard        208.140.130.25   207.180.160.4
>    3 SMB Name Wildcard        208.140.130.25   exchange.rivier.edu
>    3 SMB Name Wildcard        208.140.130.25   mail.hatfieldlaw.com

  They are running Microsoft software, which has a tendency to want to contact
every IP address it ever sees for NetBIOS name lookups.  It is not an
"attack", per se, although it is a sign that the machines sending the packets
are not well secured.

-- 
Ben Scott <[EMAIL PROTECTED]>
| The opinions expressed in this message are those of the author and do not |
| necessarily represent the views or policy of any other person, entity or  |
| organization.  All information is provided without warranty of any kind.  |
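
Added example, not part of the original message: the "SMB Name Wildcard" entries in the quoted Snort log correspond to NetBIOS name-service queries (UDP port 137) for the wildcard name "*". The sketch below decodes such a query payload and counts wildcard lookups per source; the helper names and the sample packets are constructed for illustration.

```python
import struct
from collections import Counter

WILDCARD = b"*" + b"\x00" * 15           # the 16-byte NetBIOS wildcard name
QTYPES = {0x0020: "NB", 0x0021: "NBSTAT"}

def encode_name(raw: bytes) -> bytes:
    """RFC 1001 first-level encoding: each nibble is added to 'A'."""
    return bytes(b for c in raw for b in (0x41 + (c >> 4), 0x41 + (c & 0x0F)))

def decode_name(enc: bytes) -> bytes:
    if len(enc) != 32 or any(not 0x41 <= b <= 0x50 for b in enc):
        raise ValueError("not a first-level encoded NetBIOS name")
    return bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41)
                 for i in range(0, 32, 2))

def parse_query(payload: bytes):
    """Return (name, qtype, is_wildcard) for an NBNS query, else None."""
    if len(payload) < 50:                 # 12 header + 34 name + 4 type/class
        return None
    _txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    is_request = not flags & 0x8000 and (flags >> 11) & 0xF == 0
    if not is_request or qdcount < 1 or payload[12] != 0x20 or payload[45] != 0:
        return None
    try:
        name = decode_name(payload[13:45])
    except ValueError:
        return None
    qtype = struct.unpack("!H", payload[46:48])[0]
    return name, QTYPES.get(qtype, hex(qtype)), name == WILDCARD

def build_query(name: bytes, qtype: int, flags: int = 0) -> bytes:
    """Construct a sample query payload (used only for the demo data)."""
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0)
    return header + b"\x20" + encode_name(name) + b"\x00" + struct.pack("!HH", qtype, 1)

def wildcard_sources(packets):
    """Count wildcard queries per source address from (src, payload) pairs."""
    hits = Counter()
    for src, payload in packets:
        parsed = parse_query(payload)
        if parsed and parsed[2]:
            hits[src] += 1
    return hits

# Constructed sample traffic (documentation addresses, not from the post).
SAMPLE = [("192.0.2.10", build_query(WILDCARD, 0x0021))] * 3 + [
    ("192.0.2.20", build_query(b"FILESRV".ljust(15) + b"\x00", 0x0020, 0x0110)),
    ("192.0.2.30", b"\x00" * 8),
]

if __name__ == "__main__":
    print(dict(wildcard_sources(SAMPLE)))
```

The encoded wildcard is the 32-character string "CK" followed by thirty "A"s, which is what makes these packets easy to match on the wire.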

