Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19
netbios-ns
Results 1 to 5 of 5

Thread: netbios-ns

  1. #1

    netbios-ns

    I'm just curious, what is it actually? An attack or something? I get those UDP probes from port 1024-up.

  2. #2

    Re:netbios-ns

    It's for SMB traffic (windows fle sharing and SAMBA). I don't know why your getting hit with a lot of it, but it would usually come from a random port above 1024 destined to upd or tcp 137 on your machine. There are a few other netbios ports as well, 138, 139, etc. If you are not running windows or SAMBA, I wouldn't worry much about it. Check to see if those ports are in fact open on your box. If they are open, and you need them, try to figure out the origin of the packets and why they are trying to connect to you. Normally, all netbios traffic should never be allowed to pass from your LAN to the WAN, unless its running through a VPN link.

  3. #3

    Re:netbios-ns

    I'm not running samba. It came from different addresses. Why are they probing me? Is it intentional? What kind of an attack can they mount once they have access to it?

  4. #4

    Re:netbios-ns

    It's a very common port to scan for as many misconfigured (actually, I should say unconfigured) NT boxes will allow users to make anonymous "null" connections to the hidden IPC share. Thus they can gain tons of info on a specific domain, such as host names, information on shares, server roles, etc. I'm sure there are also tons of other exploits for netbios as well. I would just ignore these probes unless they are causing you problems.

  5. #5
    Moderator
    Good Guru
    Schotty's Avatar
    Join Date
    Jul 2001
    Location
    Milwaukee, WI
    Posts
    5,760

    Re:netbios-ns

    and continue to block them. I have ZERO problems here, and both firewalls kill netbios probes. I dont see any ill effects, and since I cant trust M$'s shitty code and oh-so-wonderful-security-practices, I am planning on blocking them for life.

Similar Threads

  1. NetBIOS required for full functionality
    By regix in forum Windows - General Topics
    Replies: 0
    Last Post: 01-01-2005, 09:29 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •