On Sun, 2007-12-09 at 23:34 -0500, Porkchop wrote:
> On 09/12/07 22:20 -0500, Allen Weiner wrote:
> > Now, in addition to all the connection attempts to my port 80, I'm
> > getting tons of UDP traffic to port 137 being trapped by iptables and/or
> > Firestarter. I have no idea what's going on. Do you have any
> > suggestions? I Googled UDP "port 137". One thing I saw is something
> > about reverse DNS lookups from secondary DNS servers running Windows.
>
> 137, 138, and 139 are ports for Windows NetBIOS tunnels. What you're
> seeing are in all likelihood compromised hosts looking to infect you
> using any one of a billion security holes Windows had (and possibly,
> has).
>
> It's just the background drone of "the internet". Pay it no mind. And if
> you run an ISP, block it at the edge. Save you some worries.
> -porkchop
> __________

There is still something I'd like to understand.
When my /etc/resolv.conf was this:

======== grep -v '^#' /etc/resolv.conf ==========
; generated by /sbin/dhclient-script
search myhome.westell.com
nameserver 192.168.1.1
nameserver 192.168.1.1

Iptables never logged any UDP packets going to port 137. (I had switched
to a statically assigned IP address; however, I had not manually edited
resolv.conf. This resolv.conf was a leftover from when I had been using
DHCP.)

When I changed my /etc/resolv.conf to this:

======== grep -v '^#' /etc/resolv.conf ==========
nameserver 68.237.161.12
nameserver 71.250.0.12

Iptables logs a UDP packet going to port 137 every 30 seconds, for every
session I'm online.

Why did this change to resolv.conf cause Iptables to start logging a large
number of UDP packets to port 137 when it previously logged none?

> _____________________________________
> Mid-Hudson Valley Linux Users Group http://mhvlug.org
>
> http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug
> Upcoming Meetings (6pm - 8pm) MHVLS Auditorium
>
> Dec 5 - Open Source Show and Tell
> Jan 2 - TBD
> Feb 6 - DBUS
> Mar 5 - Setting up a platform-independent home/small office network using
> Linux
