reply to dja
Re: Port 1025-1027

Yes, attacks are occurring to UDP 1025-1029. I'm extremely careful where I go (no porn or gambling sites!) and have the latest anti-virus definitions for Norton AV. At least ZoneAlarm is blocking the attempt.

Hi Garciamd,
If I may politely point out, the attacks are not "to UDP 1025-1029", they are "From" (source) those ports, directed to your port 137. Glad you are 'security conscious' with Anti Virus and firewall setups. If everyone protected their machines (as much as can be reasonably expected), I/we wouldn't be getting 60 Port 137 attacks per hour.
" 'Spread the Word' not the Virus"
Jack

Thanks, I'm always willing to learn! As you mentioned correctly they are directed to port 137. There are a few threads in the security forum on this current anomaly. Let's hope it serves its purpose and gets more users to be security conscious. [text was edited by author 2002-10-01 13:59:05]

dja, The 'd' is silent ... unlike the member. Premium, join:2002-03-25, Niagara
reply to JackCam614
said by JackCam614: " 'Spread the Word' not the Virus" Jack
Should be the Security Forum Motto!
About 1025 services.

Protocol  Name         Description
tcp       blackjack    network blackjack
udp       blackjack    network blackjack
tcp       listen       listener RFS remote_file_sharing
tcp       shoppro      ShopPro accounting software
tcp       FraggleRock  [TROJAN] Fraggle Rock
tcp       md5Backdoor  [TROJAN] md5 Backdoor
tcp       NetSpy       [TROJAN] NetSpy
tcp       RemoteStorm  [TROJAN] Remote Storm
udp       RemoteStorm  [TROJAN] Remote Storm
--
Click HERE for the newsletter COGECO may, or may not, let you read!

I usually don't bother acknowledging flaming episodes, but in netwatchman's case I'll make an exception. Given the fact that in another thread he states " I don't get it..." I'm assuming there's little medial of his auricles (look it up!) Had he taken the time to read the original question he would have noticed the comment was about anyone experiencing any recent port activity out of the ordinary. Had he also been more cognizant (look it up!) of the other threads in this forum he may actually learn something. But alas, that would be like trying to teach him how to read and I don't think anyone would like to waste their time in such a superficial way.
Thanks to all others who are courteous and who have shown some class. [text was edited by author 2002-10-01 23:01:44]

Occasu$, join:2001-07-20, North Vancouver, BC
reply to dja
said by dja:
said by JackCam614: " 'Spread the Word' not the Virus" Jack
Should be the Security Forum Motto!
Agreed, very catchy

SYNACK, Just Firewall It, Premium,Mod, join:2001-03-05, Venice, CA, Host: Networking Virtual Private Ne.. Netgear ZyXEL
reply to garciamd
Sorry, but mynetwatchman did not start a flaming episode, and he is absolutely correct (and used the word flaming rhetorically). He was one of the few who saw the complete uselessness of the ongoing discussion.
If you would like us to interpret logs, we need:
1. Destination port
2. source port
3. protocol (UDP, TCP, etc)
4. packet direction (incoming, outgoing)
5. Any discernible pattern (every 5 minutes, in sets of 3, etc).
Your original question (and the title of this thread!) was about ports 1025-1027. Typically "getting hits on xx" means xx is the destination port. It took you 14 posts deep into this thread to enlighten us that the destination port was actually 137. Up to that point basically wasting everybody's time with irrelevant information (and in this case, source ports are pretty irrelevant!).
So, please recognize sincere help as such.
--
Where in the world is LA/OC ?

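Added example (not part of any post in this thread): a short Python script that reduces firewall log lines to the five items listed in the post above, keyed on destination port so that ephemeral source ports such as 1025-1029 are not mistaken for the target. The log layout, addresses and timestamps are constructed for illustration and do not reproduce ZoneAlarm's format.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample lines in an assumed layout (not ZoneAlarm's real log format):
# timestamp, action, direction, protocol, source ip:port -> destination ip:port
SAMPLE_LOG = """\
2002-10-01 13:00:00 BLOCK IN UDP 198.51.100.7:1025 -> 192.0.2.10:137
2002-10-01 13:01:00 BLOCK IN UDP 203.0.113.9:1027 -> 192.0.2.10:137
2002-10-01 13:02:00 BLOCK IN UDP 198.51.100.44:1029 -> 192.0.2.10:137
2002-10-01 13:03:00 BLOCK IN UDP 203.0.113.80:1026 -> 192.0.2.10:137
2002-10-01 13:03:30 BLOCK IN TCP 198.51.100.7:3345 -> 192.0.2.10:80
"""

LINE_RE = re.compile(
    r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \w+ (?P<dir>IN|OUT) (?P<proto>\w+) "
    r"[\d.]+:(?P<sport>\d+) -> [\d.]+:(?P<dport>\d+)$"
)

def summarize(log_text):
    """Group entries by (direction, protocol, destination port)."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the assumed layout
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        groups[(m["dir"], m["proto"], int(m["dport"]))].append((ts, int(m["sport"])))
    report = {}
    for key, events in groups.items():
        events.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        report[key] = {
            "hits": len(events),
            "source_ports": sorted({port for _, port in events}),
            "median_gap_s": median(gaps) if gaps else None,  # crude pattern hint
        }
    return report

if __name__ == "__main__":
    for (direction, proto, dport), info in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{direction} {proto} dst port {dport}: {info['hits']} hits, "
              f"source ports {info['source_ports']}, median gap {info['median_gap_s']}s")
```
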
dja, The 'd' is silent ... unlike the member. Premium, join:2002-03-25, Niagara
said by SYNACK: He was one of the few who saw the complete uselessness of the ongoing discussion.
How was it useless? Much useful info was posted long before Larry arrived.
said by SYNACK: It took you 14 posts deep into this thread to enlighten us that the destination port was actually 137.
In post (#8) I openly clarified what I had correctly believed the member had meant. He then confirmed this.
said by SYNACK: Up to that point basically wasting everybody's time with irrelevant information.
What's irrelevant about the links I posted in post (#5)?
said by SYNACK: So, please recognize sincere help as such.
He did. Twice.
Granted the member was confused about the source and destination ports, but we knew with so much going on and many threads already begun that this member was dealing with NetBIOS Name requests.
Before you even posted, the member had received all the information that was required to understand what he was observing.
--
the "d" is silent - unlike the member
[text was edited by author 2002-10-02 01:57:36]

SYNACK, Just Firewall It, Premium,Mod, join:2001-03-05, Venice, CA, Host: Networking Virtual Private Ne.. Netgear ZyXEL
Well, in a technical forum I typically don't rely on guessing and abstain from an interpretation based on incomplete data and up to that point you had to wildly guess. (At the same time it triggered a flood of the typical knee-jerk blackjack&Co. answers.)
There was nothing wrong with your links, but they were based on guesses and not on anything in the posts above it. (If you ask what is 2+2 and I answer "the sky is blue", I make a perfectly true statement (at least in California), but it is not related to the question). There were (and still are) ongoing threads about the new 137/UDP epidemic (after all they biased your guess;)). If a new thread such as this is started I would rightfully assume a different topic until proven otherwise.
I really would encourage everybody to abstain from answering (=guessing) until all the vital facts are in. A final conclusion can never be better than the underlying data.

reply to dja
Thank you dja, you hit it on the nose!!! Now let's all go and take a coffee break. Keep up the good work!