[prev in list] [next in list] [prev in thread] [next in thread]
List: firewalls-gc
Subject: Re: Block and forget tcp/524 at the perimeter ?
From: Joakim von Braun <joakim.von.braun () risab ! se>
Date: 2001-01-31 21:40:35
[Download RAW message or body]
I occasionally see connect attempts coming from
>random hosts on the internet to some of the web servers
>I maintain to TCP port 524.
> I understand this is used Novell as part of their
>protocol stack.
> Should I just block these at the border router and
>forget about them the same as I do with udp/137 which
>is a Windows PC trying to do a netbios name lookup ?
>(is it the same thing - the default way a machine works
>as opposed to an active exploit?)
If you are not running Novell I guess you can forget it. The connection
attempts are made because it existed a vulnerability back in Linux RedHat
6.2, and they are hoping to find an old, unpatched machine.
Cheers,
Joakim
Joakim von Braun phone +46-(0)8-428 95 05
von Braun Consultants cell phone +46-(0)709-56 16 42
Kristinehovsgatan 14
SE-117 29 Stockholm, SWEDEN
The Trojan Database: http://www.simovits.com/trojans/trojans.html
-
[To unsubscribe, send mail to majordomo@lists.gnac.net with
"unsubscribe firewalls" in the body of the message.]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic