Results 1 to 4 of 4

Thread: About ports 520 & 137 & DoS attacks

  1. #1
    Junior Member
    Join Date
    Oct 2001
    Posts
    11

    About ports 520 & 137 & DoS attacks

    Can anybody give me info on what attempts to connect to these ports might be?

    So 520 is routing? Would anybody have a legitimate reason to access this port? The attempts are from somebody on my ISP.

    Is 137 a DoS attack? Also from somebody on my ISP.

    Do you simply get booted offline with a DoS attack? Or does your modem act screwy (not realize that its disconnected; then have to re-start the computer to get the modem to work again). My modem's problems were solved when i installed Zone Alarm which made me think they might have been DoS attacks.

    Thanks for any help!

  2. #2
    Senior Member
    Join Date
    Sep 2001
    Posts
    412
    A scan on port 137 (netbios SMB service), is windows trying to gather network names of other pc's on its network, afaik this could be somebody's badly configured pc doing it of its own accord (with the help of the client for microsoft networks) or somebody issueing the nbtstat command against your ip - either way i wouldn't worry about it too much unless you see it in conjunction with probes to port 139 which would indicate somebody trying to connect to drive shares you may have.
    A word of warning on this issue - *never* have drives shared out on internet facing pc's (unless you have a suitable firewall) - you should never have file/print sharing enabled and unbind everything apart from tcp/ip to your dial up adapter (right click network nieghbourhood, properties - double click "dial up adapter" and go to bindings - you should, hopefully, just see tcp/ip with a mark to indicate it is bound to this adapter - if there are any other protocols listed here they should be unchecked)

    I don't know too much about rip (port 520) other than its a udp based protocol that allows routers to send out information on the best route for traffic to take to get to its destination - could be your isp's router doing just that - i'm not sure.

    Regarding denial of service attacks - i don't believe you get booted offline as such, its more like you just can't do anything while online - your modem will still register activity afaik.

  3. #3

    Post re: ports

    May I suggest the following sites for you to take a quick look at I honestly believe they are valuable information about ports

    TCP/UDP Port List

    Registered Ports

    Dynamic and or Private Ports


    Here is the point I started at to find this info for you...Whether it is reg cleaners or security tools this site has helped me find it

    list of lists

    I hope that this has helped you somewhat I post it hoping so.
    Mike M aka greyhairedwolf
    Mike M aka greyhairedwolf
    ----------------------------------------------
    Eight Words The Wiccan Rede Fulfills
    \"An it harm none do what you will\"
    ----------------------------------------------
    A mind is like a parachute it only works
    WHEN OPEN

  4. #4

    One other site to view

    A highly rated site although I find the list harder to view is

    http://www.networkice.com/advice/Exploits/Ports/
    Mike M aka greyhairedwolf
    ----------------------------------------------
    Eight Words The Wiccan Rede Fulfills
    \"An it harm none do what you will\"
    ----------------------------------------------
    A mind is like a parachute it only works
    WHEN OPEN

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •