[Dshield] RE: (Dshield) Reserved Addresses

Jeff Miller jrm.wa at verizon.net
Thu Mar 7 02:24:39 GMT 2002


No, not safe to say at all.  It's most likely a spoofed packet from a script
kiddie.  He's just looking for open holes.  If this packet was caught by
your firewall, then your firewall did it's job.  If you see that address in
your event log however, you should look into getting a firewall ASAP.

I would just ignore it, and be glad you're protected, though I fully
understand the curiosity of wanting to know about what happened!

The 10.x.x.x source address should never have gotten to your ISP, and the
fact that it did is not unusual.  It just means that the hacker's ISP is not
filtering for valid source IP's like a responsible ISP should.  Take solace
in the fact that hardly any ISP's are.  This is one of the major reasons why
they should.

-----Original Message-----
From: list-admin at dshield.org [mailto:list-admin at dshield.org]On Behalf Of
Toney, Mark
Sent: Wednesday, March 06, 2002 1:55 PM
To: "Dshield" ; "Keith Gainford"
Subject: [Dshield] RE: (Dshield) Reserved Addresses


     Port 137 UDP could be either TROJ_MSINIT.A (see
     http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_MS
     INIT.A) or NETBIOS Name Service.

     Since it's coming from a 10.X.X.X address, would it be safe to assume
     that Keith's ISP probably has a machine with that address that is
     sending the queries?

     Mark


______________________________ Reply Separator
_________________________________
Subject: (Dshield) Reserved Addresses
Author:  "Keith Gainford" <SMTP:keith.gainford at btopenworld.com> at BUFFALO
Date:    3/6/2002 1:43 PM


I received two Port 137 UDP attacks from addresses within the 10.x.x.x
block. I am a home user and am not very knowledgable about the reasons for
Reserved Addresses. Is there any way of finding out where they have come
from, and who if anyone to report this abuse to.

Keith G

_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www1.dshield.org/mailman/listinfo/list

_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www1.dshield.org/mailman/listinfo/list




More information about the list mailing list