Welcome to the Blackout Audio Techno Forums :: Underground Network.
Results 1 to 7 of 7
  1. #1
    Junior Freak
    Join Date
    Jan 2003
    Location
    Devon
    Posts
    403

    Default Port 137 getting hammered

    Ok this is why i asked about firewalls because ive for Zone alarm running and port 137 is getting hammered all the time ! on the UDP protocol.

    Anyone else getting this ?

  2. #2
    Junior Freak
    Join Date
    Jan 2003
    Location
    London
    Posts
    129

    Default

    Port 137 is used sometimes for NetBios attacks via the internet, netBios is designed for use with networks to allow sharing of information. If you are using windows 9X then there is a known bug with netbios. Not sure if this is whats happening though as I have never used zone alarm. Im sure that it stops UDP packets though.

    https://grc.com/x/ne.dll?bh0bkyd2

    If you go to this link you can test your security.

  3. #3
    Junior Freak
    Join Date
    Jan 2003
    Location
    Devon
    Posts
    403

    Default

    yea been to GRC pretty cool, gave a good result for me :D but who knows

    cheers Nomak for the info i did abit of research into this stuff and found that out, i saw loads of shite about port 137 getting hammered and bugs in windows and IE and the netbios sharing stuff.

    Hopefully i'll be ok but i get probed on that port almost every 2 minutes.

  4. #4
    Junior Freak
    Join Date
    Nov 2002
    Location
    tucked away
    Posts
    411

    Default port 137

    the probes you are receiving are probably a mixture of the following:-

    some will be from random windows machines on the net - as windows uses udp 137 to resolve netbios names. This should only happen on the broadcast domain i.e. internal network but you also get machines spewing this traffic out on the internet. Some machines will also try and resolve your name when you have browsed to them , if they are an nt /win 2000 server. A lot of this stuff could be considered 'background noise' and can be ignored.

    There are a couple of worms which probe on port 137 i.e. Opaserv and Bugbear, which are looking for holes, but any half-decent firewall should block this traffic by default. Personally I use zone alarm, but I've also heard that tiny personal firewall isn't bad either....

  5. #5
    Junior Freak
    Join Date
    Jan 2003
    Location
    Devon
    Posts
    403

    Default

    Ok cheers for that, i looked online about this and alot of people are getting the same thing, so its not just me.

  6. #6
    System Janitor
    Join Date
    Oct 2002
    Location
    Toronto, Ontario, Canada
    Posts
    917

    Default ort 137

    There are usually constant scans on the net for port 137 . People are looking for unpassworded windows shares all the time.


    700 54600 deny log udp from any to me 137 via tun0

    I have received 700 scans for port 137 in the last 24 hours from people ALL over the net.

    Blocking is from outside your network is always the best policy
    You go in hard, and you go in fast.

  7. #7
    Supreme Freak
    Join Date
    Feb 2003
    Location
    London
    Posts
    621

    Default

    Set up a firewall. Keep up to date with patches. Install a good virus checker. Ignore the firewall logs. Everyone is trying to hack everyone all the time, but they are mostly looking for soft targets.

 

 

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Back to top