Solved

Firewall Attack Help !!

Posted on 2004-10-12
5
174 Views
Last Modified: 2013-11-16
Help, my Firewall is detecting that IP Address 193.108.87.93:6184 has a target Destination of : 192.168.1.255:137 UDP.

There are no custom filters setup on my Firewall to point traffic to that address and I dont have PC with an address of 192.168.1.255.  When I ping 192.168.1.255 on my LAN I do get results returned.  But I definatley dont have a printer, device or anything else.

Whats going on !!!
0
Comment
Question by:Northumberland
  • 3
  • 2
5 Comments
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
Comment Utility

192.168.1.255 is the Broadcast address for a 24 bit subnet (192.168.1.0 255.255.255.0).

Port 137 is the NetBIOS Port, broadcasts are all sent to that 192.168.1.255 address - this port should be blocked on your firewall, there's no need for external devices to Broadcast in your subnet.

The Broadcast Address is seen by everything on your Subnet.
0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility

*edit* Should read: Broadcasts from the Subnet 192.168.1.0/24 are all sent to the 192.168.1.255 address.

For an external device trying to access that port it could be any of someone Port Scanning or perhaps a Virus (on the remote computer).
0
 

Author Comment

by:Northumberland
Comment Utility
So Chris should I clode port 137 anyway ?
0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility

In my opinion no one will need to get to Port 137 Externally, equally Port 137 will not need to go outside of your network. So it should be closed. on the Firewall.
0
 

Author Comment

by:Northumberland
Comment Utility
Thanks Chris
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now