----- Original Message -----
From: Ray Olszewski <[EMAIL PROTECTED]>
Date: Wednesday, August 6, 2003 10:13 am
Subject: Re: [leaf-user] Routing 192.168.231.255

> As an aside, from time to time people post questions here about 
> whether 
> blocked packets from/to ports 137/139 are attacks. I usually reply 
> suggesting that they are more likely to be a "leaky router" on the 
> ISP's 
> "LAN" than a deliberate attack. This problem is (I think) an 
> example of 
> just such a misconfigured router.

These days, though, it's more likely to be annoying maliciousness, 
rather than an outright attack. If you're on a cable network, you're 
likely to see a LOT of incoming stuff from all over the 'net with 
destination ports for 138/139 and 135. These - especially the 135s - 
tend to be the now-pervasive Windows Messenger Service popups that a 
lot of folks are getting. Any of those ports will work though, and if 
you're doing any sharing of Windows drives on your LAN, you really want 
to have those blocked.

I'd recommend you check your external IP though before blocking RFC1918 
addresses wholesale; your provider may be using them as a WAN IP 
between you and them and doing further NAT or PAT on their side.



-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Reply via email to