- Posts: 101
- Thank you received: 0
Question with port 137
20 years 4 months ago #2046
by Neon
Replied by Neon on topic Re: Question with port 137
Also forgot to mention that looking @ the ZoneAlarm logs, all those ports 137 and port 139 do come up from some machines saying that they were blocked (good thing) so I do know the the firewall is doing something right 
20 years 4 months ago #2047
by sahirh
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
Replied by sahirh on topic Re: Question with port 137
There ya go, if your firewall logs are showing that port 137 and 139 are blocked then you don't have a problem. There are no exploits that I know of that bypass ZA, the only one that does do the rounds is one that causes ZA to use 100% system resources.. but that requires the attacker to be on the same LAN as you.. so its irrelevant.
If the supposed attacker has a record then it means he was stupid enough to do something illegal.. and even stupider to get caught for it. Now he's even more stupid because he's crowing about having done it again (whether he did or didn't). Something tells me this person is very juvenile and is on the lower end of the IQ scale (in sharp contrast to us chaps here at firewall.cx )
I say humour him a bit.. let him think you really believe he is a L33t c00l d00d h4x0r w|7h gr34t 5k1llz.. and that he totally 0wn3d your b0x.... and you've reported him to all the relevant authorities. You could throw in a bit saying the ISP has asked whether you want to press charges !
I get so worked up about these types.. they're the ones that make actual security researchers look like common criminals.. and their also the main reason we can't have full disclosure with regard to security problems.
Actual security professionals need to have exploit code that works and detailed descriptions about vulnerabilities, or how else do we do our jobs ? But because of the fear of some stupid kid downloading an exploit and running round breaking into other peoples machines, this doesn't happen.
Anyway I can end my rant here.. this post caught me on a bad day, I had to restore my weblog from (a horribly old) backup and now when I try to access it, blogspot is giving me an error 500. :evil:
btw thats the first time I've ever actually typed in 'l33t h4x0r l4ngu4g3'.. its actually quite fun
If the supposed attacker has a record then it means he was stupid enough to do something illegal.. and even stupider to get caught for it. Now he's even more stupid because he's crowing about having done it again (whether he did or didn't). Something tells me this person is very juvenile and is on the lower end of the IQ scale (in sharp contrast to us chaps here at firewall.cx
)I say humour him a bit.. let him think you really believe he is a L33t c00l d00d h4x0r w|7h gr34t 5k1llz.. and that he totally 0wn3d your b0x.... and you've reported him to all the relevant authorities. You could throw in a bit saying the ISP has asked whether you want to press charges !
I get so worked up about these types.. they're the ones that make actual security researchers look like common criminals.. and their also the main reason we can't have full disclosure with regard to security problems.
Actual security professionals need to have exploit code that works and detailed descriptions about vulnerabilities, or how else do we do our jobs ? But because of the fear of some stupid kid downloading an exploit and running round breaking into other peoples machines, this doesn't happen.
Anyway I can end my rant here.. this post caught me on a bad day, I had to restore my weblog from (a horribly old) backup and now when I try to access it, blogspot is giving me an error 500. :evil:
btw thats the first time I've ever actually typed in 'l33t h4x0r l4ngu4g3'.. its actually quite fun
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
Time to create page: 0.139 seconds