
List:       firewalls-gc
Subject:    Re: Block and forget tcp/524 at the perimeter ?
From:       Joakim von Braun <joakim.von.braun () risab ! se>
Date:       2001-01-31 21:40:35

>  I occasionally see connect attempts coming from
>random hosts on the internet to some of the web servers
>I maintain to TCP port 524.
>  I understand this is used by Novell as part of their
>protocol stack.
>  Should I just block these at the border router and
>forget about them the same as I do with udp/137 which
>is a Windows PC trying to do a netbios name lookup ?
>(is it the same thing - the default way a machine works
>as opposed to an active exploit?)

If you are not running Novell I guess you can forget it. The connection
attempts are made because there was a vulnerability back in Linux RedHat
6.2, and they are hoping to find an old, unpatched machine.

Cheers,
Joakim

Joakim von Braun         phone +46-(0)8-428 95 05
von Braun Consultants  cell phone +46-(0)709-56 16 42
Kristinehovsgatan 14
SE-117 29 Stockholm,  SWEDEN

The Trojan Database:  http://www.simovits.com/trojans/trojans.html 


