On 09/12/07 22:20 -0500, Allen Weiner wrote: > Now, in addition to all the connection attempts to my port 80, I'm > getting tons of UDP traffic to port 137 being trapped by iptables and/or > Firestarter. I have no idea what's going on. Do you have any > suggestions? I Googled UDP "port 137". One thing I saw is something > about reverse DNS lookups from secondary DNS servers running Windows.
137, 138, and 139 are ports for windows netbios tunnels. What you're seeing are in all liklihood comprimised hosts looking to infect you using any one of a billion security holes windows had (and possibly, has). Its just the background drone of "the internet". Pay it no mind. And if you run an ISP, block it at the edge. Save you some worries. -porkchop _______________________________________________ Mid-Hudson Valley Linux Users Group http://mhvlug.org http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug Upcoming Meetings (6pm - 8pm) MHVLS Auditorium Dec 5 - Open Source Show and Tell Jan 2 - TBD Feb 6 - DBUS Mar 5 - Setting up a platform-independent home/small office network using Linux
