North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: Port 139 scans
- From: Charles Scott
- Date: Fri Sep 29 15:50:24 2000
On Fri, 29 Sep 2000, John Fraizer wrote:
> It might be a good idea to implement filtering on the borders for TCP SYN
> from 0/0 to 0/0 port 7597. That way, at least it can't be used once it's
> installed.
>
> I realize it is unrealistic to block 0/0 to 0/0 port 139 on the borders
> without breaking tons of winblows customers. It sure would be nice
> though. Especially considering the scope of things and how fast it's
> spreading.
We're also seeing a number of scans at a time. I wonder if anyone else
is bothering to pass on reports to the originating netblock contacts.
I don't know why we shouldn't block port 139. I blocked 137-139 for
years when I was running our previous ISP and no complaints. As they say,
let them use FTP! Good thought though, I'll have to add 7597 to our
filters.
Chuck Scott
|
