From: Liam Bedford (lbedford at domain wbtsystems.com)
Date: Sat 18 Sep 1999 - 12:23:03 IST
On Sat, 18 Sep 1999, Thomas Ribbrock wrote:
> I also have tcp-wrappers running (i.e. ALL:ALL in /etc/hosts.deny) - would
> that prevent nc from running properly?
If nc is run as an inetd service through tcpd, then yes, otherwise you
should be okay.. (check /etc/inetd.conf).
>
> According to /etc/services, port 137 is "netbios-ns" - which doesn't tell me
> much. I've also found out that port 137 seems to be one of the ports used in
> a WinNuke attack, so my first suspicion were script-kiddies - but it happens
> far to often (especially when considering that I don't have a fixed IP
> address (PPP/dial-in)) to be that, I think.
>
It's a windows network name service lookup... strange that you should get
hit on that port... it probably only comes from Windows machines though!
L.
--- Liam Bedford System Administrator WBT Systems, Block 2, Harcourt Centre, Harcourt St. 01-4170153 18, Edenbrook Manor, Rathfarnham, Dublin 14 01-4950344
This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:04:34 GMT