On Monday 10 December 2007, Allen Weiner wrote:
> On Sun, 2007-12-09 at 23:34 -0500, Porkchop wrote:
> > On 09/12/07 22:20 -0500, Allen Weiner wrote:
> > > Now, in addition to all the connection attempts to my port 80, I'm
> > > getting tons of UDP traffic to port 137 being trapped by iptables
> > > and/or Firestarter. I have no idea what's going on. Do you have any
> > > suggestions? I Googled UDP "port 137". One thing I saw is something
> > > about reverse DNS lookups from secondary DNS servers running Windows.
> >
> > 137, 138, and 139 are ports for Windows netbios tunnels. What you're
> > seeing are in all likelihood compromised hosts looking to infect you
> > using any one of a billion security holes Windows had (and possibly,
> > has).

There's a quicker way to find out what services are associated with certain
ports; have a look at /etc/services on your Linux box, which is a text file.

> There is still something I'd like to understand.
>
> When my /etc/resolv.conf was this:
>
> ======== grep -v '^#' /etc/resolv.conf ==========
> ; generated by /sbin/dhclient-script
> search myhome.westell.com
> nameserver 192.168.1.1
> nameserver 192.168.1.1
>
> Iptables never logged any UDP packets going to port 137. (I had switched
> to a statically assigned IP address, however I had not manually edited
> resolv.conf. This resolv.conf was a leftover from when I had been using
> DHCP).
>
>
> When I changed my /etc/resolv.conf to this:
>
> ======== grep -v '^#' /etc/resolv.conf ==========
> nameserver 68.237.161.12
> nameserver 71.250.0.12
>
> Iptables logs a UDP packet going to port 137 every 30 seconds, for every
> session I'm online. Why did this change to resolv.conf cause Iptables to
> start logging a large number of UDP packets to port 137 when it previously
> logged none?

Makes no sense. I don't think these are related. /etc/resolv.conf only
relates to DNS, which is stuff on port 53. Port 137 is for NETBIOS, which
is nonroutable.

Are you perhaps using tunnelling like with a VPN connection or something?

   -- Chris

-- 
Chris Knadle
[EMAIL PROTECTED]
_______________________________________________
Mid-Hudson Valley Linux Users Group                  http://mhvlug.org
http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug
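
Added example (not part of the thread): a shell function that tallies iptables LOG lines by direction (the IN=/OUT= interface fields) and destination port, and names each port from a file in /etc/services format. That separates packets the host itself sends to port 137 from packets arriving from outside. The function names, the log lines and the services excerpt are constructed for illustration.

```shell
# Added example, not from the thread; log lines and services excerpt are constructed.
# summarize_fw_log SERVICES_FILE < log
#   prints "<count> <in|out|fwd> <port>/<proto> <service>", busiest first.
summarize_fw_log() {
    awk '
    FILENAME == ARGV[1] {            # services(5) table: name port/proto
        sub(/#.*/, "")
        if (NF >= 2) svc[$2] = $1
        next
    }
    /PROTO=/ && /DPT=/ {             # line written by an iptables LOG rule
        in_if = out_if = proto = dpt = ""
        for (i = 1; i <= NF; i++) {
            if      ($i ~ /^IN=/)    in_if  = substr($i, 4)
            else if ($i ~ /^OUT=/)   out_if = substr($i, 5)
            else if ($i ~ /^PROTO=/) proto  = tolower(substr($i, 7))
            else if ($i ~ /^DPT=/)   dpt    = substr($i, 5)
        }
        # IN set only: packet arriving. OUT set only: packet sent by this host.
        dir = (in_if != "" && out_if != "") ? "fwd" : (in_if != "" ? "in" : "out")
        count[dir " " dpt "/" proto]++
    }
    END {
        for (k in count) {
            split(k, f, " ")
            print count[k], k, ((f[2] in svc) ? svc[f[2]] : "unknown")
        }
    }' "$1" - | sort -k1,1nr -k2
}

sample_services() {   # constructed excerpt in /etc/services format
    printf '%s\n' 'domain 53/udp' 'netbios-ns 137/udp # NETBIOS Name Service' 'netbios-ssn 139/tcp'
}
sample_log() {        # constructed iptables LOG lines (private/documentation addresses)
    cat <<'EOF'
Dec 10 09:15:01 box kernel: IN= OUT=eth0 SRC=192.168.1.5 DST=192.168.1.255 LEN=78 PROTO=UDP SPT=137 DPT=137 LEN=58
Dec 10 09:15:31 box kernel: IN= OUT=eth0 SRC=192.168.1.5 DST=192.168.1.255 LEN=78 PROTO=UDP SPT=137 DPT=137 LEN=58
Dec 10 09:15:40 box kernel: IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=198.51.100.7 DST=192.168.1.5 LEN=78 PROTO=UDP SPT=1028 DPT=137 LEN=58
Dec 10 09:16:02 box kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.168.1.5 LEN=60 PROTO=TCP SPT=40000 DPT=8080 WINDOW=5840 SYN
EOF
}

demo() {
    svc_file=$(mktemp) || return 1
    sample_services > "$svc_file"
    sample_log | summarize_fw_log "$svc_file"
    rm -f "$svc_file"
}
demo
```

On a real system, pass /etc/services as the argument and pipe in the file where syslog stores kernel messages.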
