This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Packet Filter Logs - SMTP sets to 137 UDP?

Dear Board,

i realize some logs in paket filter i cant assign. it's always the same - from time to time our mail server (located in DMZ) gets connections from a host on the internet (nothing special, quite normal) to SMTP Port 25. A second later our Mail Server tries to reach the sender ip via source Port 137 to Destination Port 137 via UDP??? This is getting blocked via Packet Filter and creates a log like this:

/var/log/packetfilter/2009/11/packetfilter-2009-11-17.log.gz:2009:11:17-03:11:47 nord-gate ulogd[3259]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="17" seq="0" initf="eth1" outitf="eth2" dstmac="00:1a:8c:10:8f:f9" srcmac="00:1a:8c:10:8f:fa" srcip="78.163.119.141" dstip="10.0.1.2" proto="6" length="48" tos="0x00" prec="0x00" ttl="117" srcport="4688" dstport="25" tcpflags="SYN"

/var/log/packetfilter/2009/11/packetfilter-2009-11-17.log.gz:2009:11:17-03:11:48 nord-gate ulogd[3259]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth2" outitf="eth1" dstmac="00:1a:8c:10:8f:fa" srcmac="00:1a:8c:10:8f:f9" srcip="10.0.1.2" dstip="78.163.119.141" proto="17" length="78" tos="0x00" prec="0x00" ttl="127" srcport="137" dstport="137"

/var/log/packetfilter/2009/11/packetfilter-2009-11-17.log.gz:2009:11:17-03:11:49 nord-gate ulogd[3259]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth2" outitf="eth1" dstmac="00:1a:8c:10:8f:fa" srcmac="00:1a:8c:10:8f:f9" srcip="10.0.1.2" dstip="78.163.119.141" proto="17" length="78" tos="0x00" prec="0x00" ttl="127" srcport="137" dstport="137"

/var/log/packetfilter/2009/11/packetfilter-2009-11-17.log.gz:2009:11:17-03:11:51 nord-gate ulogd[3259]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth2" outitf="eth1" dstmac="00:1a:8c:10:8f:fa" srcmac="00:1a:8c:10:8f:f9" srcip="10.0.1.2" dstip="78.163.119.141" proto="17" length="78" tos="0x00" prec="0x00" ttl="127" srcport="137" dstport="137"

Why is our server trying to connect the source on 137??? Do i have to be scared about that?

Thanks in advance....

Maik

This thread was automatically locked due to age.

Parents

0 BAlfson over 15 years ago

This is all I found with a quick google:
National Vulnerability Database (NVD) National Vulnerability Database (CVE-2001-0260)
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 15 years ago

This is all I found with a quick google:
National Vulnerability Database (NVD) National Vulnerability Database (CVE-2001-0260)
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data