[Dshield] Firewall or other security tool that bites back???

Samantha Fetter sama at snowplow.org
Mon Nov 18 22:32:48 GMT 2002


I was about to respond when I saw this response from Bob.  I agree,
although I don't think (in my humble opinion!) that either the traffic,
nor the logging with such a small amount of traffic, should cause the
system to lock up.

One of my systems is a mere PII-233mmx running '98 and I use (no
affiliation here, just my personal experience, so don't pounce on me
please!!) Sygate Personal Firewall, and I log WAY more hits than that on
various ports at times and have no problems with my system locking up.
Sometimes I'll turn on the packet logging (where it captures the entire
packet, data and all, for those not familiar) to see what's in these
packets that are coming in, and I don't have the lock ups.

Are you sure you haven't been compromised and have other things going on
at the same time as the probes?

Just some ideas.... and as always just my opinion and I'm welcome to
suggestions/corrections to them.

Cheers,
Samantha

On Mon, 18 Nov 2002, Fitton, Robert (Bob) wrote:

> Does your firewall allow you to turn off logging for 137 only?  It
> might be the overhead of the LOGGING that is killing you! I block
> 137-139, but never log them.
>
> >-----Original Message-----
> >From: rilya byor [mailto:rilya1 at yahoo.com]
> >Sent: Monday, November 18, 2002 6:33 AM
> >To: list at dshield.org
> >Subject: [Dshield] Firewall or other security tool that bites back???
> >
> >
> >I've had it with these port 137 probes--I just logged
> >27 in the last 3 minutes, after which my connection
> >locked up AGAIN.  Does anybody know if there's a
> >Windows program that can be set up to listen on port
> >137 and automatically shoot back???
> >rilya
> >




More information about the list mailing list