
Security Problem

CSMOOTH

Member
Hey guys, could use your help... here is my problem:

I am running a Win2K Server Network at home and have 3 client computers. I am using a Linksys router and have not set up Active Directory. I was running IIS for a while but took it down recently.

All of a sudden like 3 days ago all of these logon attempts show up in my security log and I have no idea where they are coming from. I used shields-up and supposedly all of my ports are stealthed... There is incoming activity that was logged at the router with destination ports 2427, 2416, and 137.

I know that 137 is the net-bios port. How can I make sure that it is not open to the internet (137-139 and 445)??? and how can I get more information about the failed logins?
 
If you are behind a router, and you have not specifically opened port 137, it won't be accessible to anyone on the net.

Likely your router is logging attempts to connect, but there are no actual connections occurring.

The internet is a busy place. Stuff like this happens all the time, that's what your router/firewall is for, don't sweat it.
 
But the actual problem is that there were tons (read 100's) of logon attempts that showed up in the security log on the server. So I guess the question is more something like: is there a way to move past the router to the server even with no ports forwarded?
 
So how would you tell if the net-bios is exposed to the outside world? I have forwarded the 4 net-bios ports to a non-existent IP address from the router and suddenly the logon attempts have stopped.
 
The "attempts" have stopped being logged, because they're being sent on to be handled inside your network. Since there's no machine there, nothing happens there. The "attempts" are probably still coming, just not getting answered.
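For the question above about getting more information on the failed logins, one approach is to group the server's failed-logon events by the workstation name and logon type they record. The Python below is an added example, not part of the thread; it assumes the events are Windows 2000 failed-logon records (event ID 529) exported as "Field: value" text, and the host names and sample records are constructed.

```python
from collections import Counter

# Hypothetical names of the server and the three client computers.
LAN_HOSTS = {"SERVER", "CLIENT1", "CLIENT2", "CLIENT3"}

# Constructed sample export: records separated by a blank line.
SAMPLE_EXPORT = """\
Event ID: 529
User Name: administrator
Logon Type: 3
Workstation Name: CLIENT2

Event ID: 529
User Name: admin
Logon Type: 3
Workstation Name: WEBSCAN

Event ID: 529
User Name: root
Logon Type: 3
Workstation Name: WEBSCAN
"""

def parse_events(text):
    """Split the export into one dict of field -> value per record."""
    events = []
    for block in text.strip().split("\n\n"):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if fields:
            events.append(fields)
    return events

def summarize_failed_logons(text, lan_hosts=LAN_HOSTS):
    """Count 529 events per (workstation, logon type); list hosts not on the LAN."""
    counts = Counter()
    for ev in parse_events(text):
        if ev.get("Event ID") != "529":
            continue  # not a failed logon
        host = ev.get("Workstation Name", "").upper() or "(blank)"
        counts[(host, ev.get("Logon Type", "?"))] += 1
    unknown = sorted({h for h, _ in counts if h not in lan_hosts})
    return counts, unknown

if __name__ == "__main__":
    counts, unknown = summarize_failed_logons(SAMPLE_EXPORT)
    print(counts.most_common(), "not a known LAN machine:", unknown)
```

Logon type 3 is a network logon, the kind that arrives over file sharing. The workstation name is supplied by the connecting client, so treat an unfamiliar name as a lead to follow up rather than proof of where the attempt came from.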
 