[Dshield] What to do when box is attempting 139 out to AFNOC

John Hardin johnh at aproposretail.com
Tue Jan 13 23:07:27 GMT 2004


On Tue, 2004-01-13 at 12:59, Linda Ruiz wrote:

> The problem:
> Three attempts were made yesterday EST (+5 GMT?) 15:38, 17:00 &
> 20:19 to connect to dest port 139 to an IP somewhere within
> AFNOC (137.10.237.x) -- all from the Citrix MetaFrame box.

NetBIOS-based name resolution attempts? ISTR something about MS OSes
fall back to a NetBIOS query if reverse DNS fails...

--
John Hardin  KA7OHZ                           
Internal Systems Administrator/Guru               voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
-----------------------------------------------------------------------
 If you smash a computer to bits with a mallet, that appears to count
 as encryption in the state of Nevada.
                                               - CRYPTO-GRAM 12/2001
-----------------------------------------------------------------------




More information about the list mailing list