[Dshield] Alot of spoofing
malcolm at hotlinesupport.com
Wed Mar 20 06:30:18 GMT 2002
We are seeing alot of spoofed address attempts on our firewalls external
I am seeing some of our internal valid IP addresses being attempted to
connect to one of our valid class C broadcast address (.255) on ports
137& 138. While I know that these ports are used by MS NetBIOS, I
cannot understand why these people are being so persistant. I have seen
them use many different internal addresses and it happens about once
every 2 minutes. I am hoping that my firewall is doing the job of
protecting the network.
Does anyone know what this might be ?
Is there any way to find out their real IP address ?
More information about the list