Subject: RE: random connections on TCP port: 139
To: 'mipam@ibb.net' <mipam@ibb.net>
From: Tony Hernadez <tony@cne-inc.com>
List: tech-security
Date: 09/11/2000 12:05:10

So, is there any way to block these connects on this port on my machine?
I mean, my /etc/hosts.deny file is getting really long now.

cheers,
--
Tony Hernandez
Network Engineer
Computer Network Experts


-----Original Message-----
From: Mipam [mailto:mipam@ibb.net]
Sent: Monday, September 11, 2000 11:47 AM
To: Tony Hernadez
Cc: 'tech-security@netbsd.org'
Subject: Re: random connections on TCP port: 139


On Mon, Sep 11, 2000 at 11:49:47AM -0400, Tony Hernadez wrote:
> Can someone shine some light on why my server is always getting netbios
> connections from random computers on atlantic.net's dial up lines? Here are
> some clips:
> 
> attackalert: Connect from host: jcvmfl-as-1-ip-41.atlantic.net/209.208.19.72 to TCP port: 139
> attackalert: Connect from host: mtldfl-as-3-ip-08.atlantic.net/209.208.45.135 to TCP port: 139
> attackalert: Connect from host: ocalflifanb-as-2-r1-ip-583.atlantic.net/209.208.10.75 to TCP port: 139
> attackalert: Connect from host: jcvmfl-as-1-ip-42.atlantic.net/209.208.19.73 to TCP port: 139
> 
> I really do not think that these are actually attacks on this server but..
> It is getting annoying. Anyone run into something like this?
> 

Sure, sure, every day I guess.
So many m$ crapware machines on the net are the reason, if you ask me.
Why they try to talk to our network on port 139 I don't know, but I guess
it's a habit of m$ systems.
Anyway, I blocked this already on the router. So no such traffic actually
gets in.
Bye,

Mipam.
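
An added example, not part of the original thread: a short Python script that parses the attackalert lines quoted above and counts distinct source hosts and /24 networks per destination port, which shows why per-host /etc/hosts.deny entries keep growing while a single port-level block (as on the router in the reply) does not. The function names and the /24 grouping are assumptions of this example.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Sample input: the four alert lines quoted in the thread above.
SAMPLE_LOG = """\
attackalert: Connect from host: jcvmfl-as-1-ip-41.atlantic.net/209.208.19.72 to TCP port: 139
attackalert: Connect from host: mtldfl-as-3-ip-08.atlantic.net/209.208.45.135 to TCP port: 139
attackalert: Connect from host: ocalflifanb-as-2-r1-ip-583.atlantic.net/209.208.10.75 to TCP port: 139
attackalert: Connect from host: jcvmfl-as-1-ip-42.atlantic.net/209.208.19.73 to TCP port: 139
"""

# Matches the "name/ip to PROTO port: N" layout seen in the thread's log clips.
LINE_RE = re.compile(
    r"attackalert: Connect from host: (?P<name>\S+)/(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
    r" to (?P<proto>TCP|UDP) port: (?P<port>\d+)"
)

def summarize(log_text, prefix_len=24):
    """Group alerts by (proto, port); collect distinct source IPs and networks."""
    summary = defaultdict(lambda: {"hosts": set(), "nets": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an alert line
        try:
            ip = ip_address(m["ip"])
        except ValueError:
            continue  # octet out of range: skip malformed entry
        net = ip_network(f"{ip}/{prefix_len}", strict=False)
        entry = summary[(m["proto"], int(m["port"]))]
        entry["hosts"].add(str(ip))
        entry["nets"].add(str(net))
    return summary

def report(summary):
    """Return rows of (proto, port, distinct hosts, distinct networks)."""
    return [
        (proto, port, len(e["hosts"]), len(e["nets"]))
        for (proto, port), e in sorted(summary.items())
    ]

if __name__ == "__main__":
    for proto, port, hosts, nets in report(summarize(SAMPLE_LOG)):
        print(f"{proto}/{port}: {hosts} per-host deny entries, "
              f"{nets} /24 networks, or 1 port-level rule")
```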