You really should be blocking inbound, at a minimum, the following Microsoft services and NetBIOS ports at your boarder routers and/or firewalls:
netbios-ns 137/tcp nbname #NETBIOS Name Service netbios-ns 137/udp nbname #NETBIOS Name Service netbios-dgm 138/udp nbdatagram #NETBIOS Datagram Service netbios-ssn 139/tcp nbsession #NETBIOS Session Service microsoft-ds 445/tcp microsoft-ds 445/udp ms-sql-s 1433/tcp #Microsoft-SQL-Server ms-sql-s 1433/udp #Microsoft-SQL-Server ms-sql-m 1434/tcp #Microsoft-SQL-Monitor ms-sql-m 1434/udp #Microsoft-SQL-Monitor wins 1512/tcp #Microsoft Windows Internet Name Service wins 1512/udp #Microsoft Windows Internet Name Service Bill ----- Original Message ----- From: "Gary.Ferguson" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, August 01, 2003 7:35 AM Subject: [IMail Forum] OT Service sweeps > Do any of you see alot of service sweeps on your network? I get hundreds of > these a day. Usually ports 137 and 1434. > I would think our ISP would block this but then again it's probably better > that they don't filter. > > UDP_Service_Sweep 2003-08-01 13:51:57 > Source IP 148.221.102.24 Port N/A > Destination IP 206.69.0.0 Port 137 > DISPLAY=Default:0,EMAIL=Default:0,LOGDB=LogWithoutRaw:0,OPSEC=LockSrcAddr:0 > Priority low > Alert Type SuspiciousUDP > > Gary > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
