[prev in list] [next in list] [prev in thread] [next in thread]
List: nanog
Subject: Re: Port 139 scans
From: Charles Scott <cscott () gaslightmedia ! com>
Date: 2000-09-29 19:26:49
[Download RAW message or body]
On Fri, 29 Sep 2000, John Fraizer wrote:
> It might be a good idea to implement filtering on the borders for TCP SYN
> from 0/0 to 0/0 port 7597. That way, at least it can't be used once it's
> installed.
>
> I realize it is unrealistic to block 0/0 to 0/0 port 139 on the borders
> without breaking tons of winblows customers. It sure would be nice
> though. Especially considering the scope of things and how fast it's
> spreading.
We're also seeing a number of scans at a time. I wonder if anyone else
is bothering to pass on reports to the originating netblock contacts.
I don't know why we shouldn't block port 139. I blocked 137-139 for
years when I was running our previous ISP and no complaints. As they say,
let them use FTP! Good thought though, I'll have to add 7597 to our
filters.
Chuck Scott
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic