[CS-FSLUG] Net-bios/file-sharing "attack"
Stephen J. McCracken
smccracken at hcjb.org.ec
Wed Oct 12 11:08:56 CDT 2005
Ed Hurst wrote:
> Correction: 137 & 138, along with some odd stuff regarding ports 67 &
> 68. After further examination, I realize what I'm seeing are broadcasts
> from her machine to all points within our virtual LAN on SBC. Samples:
>
> Oct 11 22:24:40 crunch kernel: ipfw: 900 Deny UDP 192.168.1.64:138
> 192.168.1.255:138 in via rl0
> Oct 12 07:59:36 crunch kernel: ipfw: 900 Deny UDP 192.168.1.64:68
> 255.255.255.255:67 in via rl0
Ports 67 & 68 are for DHCP and therefore need to be broadcast much
"wider" as it can't know the network it's on before receiving its ip
address.
More information about the Christiansource
mailing list