
Re: [TwinCLinG] strange

  • Nick Hill
    Message 1 of 3 , Jun 4, 2001
      On Mon, Jun 04, 2001 at 10:36:44AM +0530, bsd_linux wrote:
      > 09.56.08.431040 195.243.119.43.netbios.ns > 210.212.215.124.netbios-ns:
      > >>> NBT UDP PACKET(137): QUERY;REQUEST;UNICAST
      > 09.56.08.431092 210.212.215.124 > 195.243.119.43: icmp: 210.212.215.124 udp port netbios-ns unreachable (DF) [tos 0xc0]
      >

      This indicates a probable portscan from 195.243.119.43 on the netbios
      port 137 (netbios-ns). This is generally done over the net, where
      novice newbies venture out on the net, with their drives/files shared
      on windows. Any remote user can access their files. If you get too many
      such errors, report the user (195.243.119.43)'s ISP, and lodge a complaint
      that this particular user is portscanning you. He's bound to get a notice.
      I seem to be having problems rDNS'ing/WHOis'ing it. Suresh? Any idea who's
      the ISP for the network?

      Nikhil.

      --
      Nikhil Shankar (nikhilwiz at yahoo.com)

      Slackware Linux http://www.slackware.com/
      I guess that's why people care: Some distributions have character.
    • Satyakam Goswami
      Message 2 of 3 , Jun 4, 2001
        > On Mon, Jun 04, 2001 at 10:36:44AM +0530, bsd_linux wrote:
        >> 09.56.08.431040 195.243.119.43.netbios.ns > 210.212.215.124.netbios-ns:
        >> >>> NBT UDP PACKET(137): QUERY;REQUEST;UNICAST
        >> 09.56.08.431092 210.212.215.124 > 195.243.119.43: icmp: 210.212.215.124
        >> udp port netbios-ns unreachable (DF) [tos 0xc0]
        >>
        >
        > This indicates a probable portscan from 195.243.119.43 on the netbios port
        > 137 (netbios-ns). This is generally done over the net, where
        > novice newbies venture out on the net, with their drives/files shared on
        > windows. Any remote user can access their files. If you get too many such
        > errors, report the user (195.243.119.43)'s ISP, and lodge a complaint that
        > this particular user is portscanning you. He's bound to get a notice. I
        > seem to be having problems rDNS'ing/WHOis'ing it. Suresh? Any idea who's
        > the ISP for the network?

        IP block info showed the following info, courtesy of samspade. Hope it helps.

        IP block lookup for 195.243.119.43

        whois -h whois.ripe.net 195.243.119.43

        % This is the RIPE Whois server.
        % The objects are in RPSL format.
        % Please visit http://www.ripe.net/rpsl for more information.
        % Rights restricted by copyright.
        % See http://www.ripe.net/ripencc/pub-services/db/copyright.html

        inetnum: 195.243.119.0 - 195.243.119.127
        netname: ALIFE
        descr: A Lifestyle Handels- & Unterhaltungs GmbH
        descr: Web-Contents
        descr: Moenchengladbach
        country: DE
        admin-c: FS476-RIPE
        tech-c: FS476-RIPE
        status: ASSIGNED PA
        notify: registry@...
        mnt-by: DTAG-NIC
        changed: ak@... 19980407
        source: RIPE

        route: 195.243.0.0/16
        descr: Deutsche Telekom AG, Internet service provider
        origin: AS3320
        mnt-by: DTAG-RR
        changed: bp@... 19971223
        changed: bp@... 19980423
        source: RIPE

        person: Fred Scheres
        address: A Lifestyle Handels- und Unterhaltungs GmbH
        address: Borsigstr. 21
        address: D-41066 Moenchengladbach
        address: Germany
        phone: +49 2161 966060
        fax-no: +49 2161 665836
        e-mail: fred@...
        nic-hdl: FS476-RIPE
        notify: registry@...
        notify: dbd@...
        mnt-by: DENIC-P
        mnt-by: DTAG-NIC
        changed: auto-inkasso@... 19970423
        changed: lb@... 19980305
        source: RIPE


        S.Goswami

        --
        Archean Infotech
        Victory Vihar,Himayatnagar
        Hyderabad 500029,www.archeanit.com
        Ph:3228666,6570704,3228674
        Mobile:9849016667
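
Added example (not part of either post): a Python tally for the "too many such errors" check discussed in the thread, counting per source address how many hosts it queried on UDP 137 and how many of them answered with ICMP port unreachable. The capture text is constructed from the two packets quoted above plus invented traffic from documentation ranges; the regexes assume the old tcpdump text layout shown in the thread, and the default threshold of 3 targets is an assumption.

```python
import re
from collections import defaultdict

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
# Assumed layout: the old tcpdump text format quoted in the thread.
UDP_RE = re.compile(rf"^\S+ {IP}\.\S+ > {IP}\.([\w-]+):")
ICMP_RE = re.compile(rf"^\S+ {IP} > {IP}: icmp: {IP} udp port ([\w-]+) unreachable")
NBNS_PORTS = {"netbios-ns", "137"}

# Constructed capture: the thread's two packets, then invented traffic using
# documentation addresses (192.0.2.0/24 and 198.51.100.0/24).
SAMPLE = """\
09.56.08.431040 195.243.119.43.netbios-ns > 210.212.215.124.netbios-ns:
>>> NBT UDP PACKET(137): QUERY;REQUEST;UNICAST
09.56.08.431092 210.212.215.124 > 195.243.119.43: icmp: 210.212.215.124 udp port netbios-ns unreachable (DF) [tos 0xc0]
10.02.11.100000 192.0.2.7.1026 > 198.51.100.1.netbios-ns:
10.02.11.100050 198.51.100.1 > 192.0.2.7: icmp: 198.51.100.1 udp port netbios-ns unreachable (DF) [tos 0xc0]
10.02.11.200000 192.0.2.7.1026 > 198.51.100.2.netbios-ns:
10.02.11.300000 192.0.2.7.1026 > 198.51.100.3.netbios-ns:
10.02.11.300050 198.51.100.3 > 192.0.2.7: icmp: 198.51.100.3 udp port netbios-ns unreachable (DF) [tos 0xc0]
10.05.00.000000 192.0.2.9.1030 > 198.51.100.1.domain:
"""

def summarize(text, threshold=3):
    """Per source: NBNS queries sent, distinct targets, unreachable replies."""
    stats = defaultdict(lambda: {"queries": 0, "targets": set(), "closed": 0})
    for line in text.splitlines():
        m = ICMP_RE.match(line)
        if m:
            # The ICMP error travels back to whoever sent the UDP query.
            _, prober, _, port = m.groups()
            if port in NBNS_PORTS:
                stats[prober]["closed"] += 1
            continue
        m = UDP_RE.match(line)
        if m and m.group(3) in NBNS_PORTS:
            src, dst, _ = m.groups()
            stats[src]["queries"] += 1
            stats[src]["targets"].add(dst)
    return {
        src: {"queries": s["queries"], "targets": len(s["targets"]),
              "closed": s["closed"],
              "over_threshold": len(s["targets"]) >= threshold}
        for src, s in stats.items()
    }

if __name__ == "__main__":
    for src, row in summarize(SAMPLE).items():
        print(src, row)
```

The per-source counts and the matching log lines are the material an abuse report to the source's ISP would carry.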