|
-
October 12th, 2001, 12:47 PM
#1
Junior Member
About ports 520 & 137 & DoS attacks
Can anybody give me info on what attempts to connect to these ports might be?
So 520 is routing? Would anybody have a legitimate reason to access this port? The attempts are from somebody on my ISP.
Is 137 a DoS attack? Also from somebody on my ISP.
Do you simply get booted offline with a DoS attack? Or does your modem act screwy (not realize that its disconnected; then have to re-start the computer to get the modem to work again). My modem's problems were solved when i installed Zone Alarm which made me think they might have been DoS attacks.
Thanks for any help!
-
October 12th, 2001, 02:06 PM
#2
Senior Member
A scan on port 137 (netbios SMB service), is windows trying to gather network names of other pc's on its network, afaik this could be somebody's badly configured pc doing it of its own accord (with the help of the client for microsoft networks) or somebody issueing the nbtstat command against your ip - either way i wouldn't worry about it too much unless you see it in conjunction with probes to port 139 which would indicate somebody trying to connect to drive shares you may have.
A word of warning on this issue - *never* have drives shared out on internet facing pc's (unless you have a suitable firewall) - you should never have file/print sharing enabled and unbind everything apart from tcp/ip to your dial up adapter (right click network nieghbourhood, properties - double click "dial up adapter" and go to bindings - you should, hopefully, just see tcp/ip with a mark to indicate it is bound to this adapter - if there are any other protocols listed here they should be unchecked)
I don't know too much about rip (port 520) other than its a udp based protocol that allows routers to send out information on the best route for traffic to take to get to its destination - could be your isp's router doing just that - i'm not sure.
Regarding denial of service attacks - i don't believe you get booted offline as such, its more like you just can't do anything while online - your modem will still register activity afaik.
-
October 13th, 2001, 12:34 AM
#3
Member
 re: ports
May I suggest the following sites for you to take a quick look at I honestly believe they are valuable information about ports
TCP/UDP Port List
Registered Ports
Dynamic and or Private Ports
Here is the point I started at to find this info for you...Whether it is reg cleaners or security tools this site has helped me find it
list of lists
I hope that this has helped you somewhat I post it hoping so.
Mike M aka greyhairedwolf
Mike M aka greyhairedwolf
----------------------------------------------
Eight Words The Wiccan Rede Fulfills
\"An it harm none do what you will\"
----------------------------------------------
A mind is like a parachute it only works
WHEN OPEN
-
October 13th, 2001, 12:39 AM
#4
Member
One other site to view
A highly rated site although I find the list harder to view is
http://www.networkice.com/advice/Exploits/Ports/
Mike M aka greyhairedwolf
----------------------------------------------
Eight Words The Wiccan Rede Fulfills
\"An it harm none do what you will\"
----------------------------------------------
A mind is like a parachute it only works
WHEN OPEN
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
