[Dshield] NETBIOS Probe

Johannes B. Ullrich jullrich at sans.org
Mon Mar 25 17:48:02 GMT 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 25 Mar 2002, Kelly Martin wrote:

> I've disagreed with the categorization of 137 as "possible firewall
> misconfiguration" as well.  While it is true that certain operating systems
> routinely send probes out on port 137 (for no good reason),

It should be marked as 'green' (low risk) shortly. The blue category
is wrong for it. Originally, the idea was to label it as 'blue' as
you probably shouldn't log it as an attack, but you should still block 
it.


- -- 
- -------
jullrich at sans.org                    Join http://www.DShield.org
                          Distributed Intrusion Detection System

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8n2LUwWQP+4im9DYRApoLAJ45RhLdDBfvW9zght9xYPcZ8M0rjwCgiLrn
ReNGh2m0NOmGlUBnwRP/iSM=
=HiYu
-----END PGP SIGNATURE-----




More information about the list mailing list