Home Network Hackers - Tilted Forum Project Discussion Community

MahlerIsGod · 11-28-2003, 07:44 PM

I live in a building with many a student and we are all connected to the Net through a network. I just happened to check the events log on my McAfee Firewall. Here on messages I have been getting:

1) A computer in your Banned IP list at (name removed) has attempted to access UDP port 137 on your computer.
UDP port 137 is commonly used by the "NETBIOS Name" service or program. NetBIOS is used for Windows file sharing. It can be exploited to access files on your computer.

2) A computer in your Banned IP list at (name removed) has attempted to access UDP port 138 on your computer.
UDP port 138 is commonly used by the "NETBIOS Datagram" service or program. NetBIOS is used for Windows file sharing. It can be exploited to access files on your computer.

Are these events just our computer talking to one another on the network or is something trying to pry into my computer? McAfee says that my computer is being protected from these events but do I need to contact the network administator about my fellow students trying to hack my computer? Thanks. Much obliged.

Pragma · 11-28-2003, 08:05 PM

People on campus networks typically attempt to access each other's Windows networking shares (ie: \\yourcomputer\public ) to see if you're sharing music, etc. It's not something to be worried about. Just make sure you've got all of the various Windows Update patches and you shouldn't have a lot to worry about.

Sapper · 11-28-2003, 08:08 PM

Wrong on both counts.

Windows machines (and anything using the SMB protocol) will send out probes looking for any other SMB machines to add to the current network list. Typically the LM Master machine will send the probes - but in an "unmanaged SMB" network, this "Master" status will change and so differing machines will send out the "explorarion" packets.

Don't worry about it. Just means that the other machine is/was the "master" machine and was checking for new computers on the "Microsoft File Sharing" network.

hk- · 11-29-2003, 06:29 AM

I would disable netbios sharing anyway, its one of the more insecure protocols. Using scripts like NetBrute you can gain access to the c drive (c$ share) specially if you leave the ipc$ share up and leave guest access enabled.

I share things with my housemates here, but only over sftp.

11-28-2003, 07:44 PM	#1 (permalink)
MahlerIsGod At The Globe Showing Will How Its Done Location: London/Elysium	Home Network Hackers I live in a building with many a student and we are all connected to the Net through a network. I just happened to check the events log on my McAfee Firewall. Here on messages I have been getting: 1) A computer in your Banned IP list at (name removed) has attempted to access UDP port 137 on your computer. UDP port 137 is commonly used by the "NETBIOS Name" service or program. NetBIOS is used for Windows file sharing. It can be exploited to access files on your computer. 2) A computer in your Banned IP list at (name removed) has attempted to access UDP port 138 on your computer. UDP port 138 is commonly used by the "NETBIOS Datagram" service or program. NetBIOS is used for Windows file sharing. It can be exploited to access files on your computer. Are these events just our computer talking to one another on the network or is something trying to pry into my computer? McAfee says that my computer is being protected from these events but do I need to contact the network administator about my fellow students trying to hack my computer? Thanks. Much obliged. __________________ "But a work of art is a conscious human effort that has to do with communication. It is that or its nothing. When an accident is applauded as a work of art, when a cult grows up around the deliciousness of inadvertent beauty, we are in the presence of the greatest decadence the West has known in its history."

11-28-2003, 08:05 PM	#2 (permalink)
Pragma I am Winter Born Location: Alexandria, VA	People on campus networks typically attempt to access each other's Windows networking shares (ie: \\yourcomputer\public ) to see if you're sharing music, etc. It's not something to be worried about. Just make sure you've got all of the various Windows Update patches and you shouldn't have a lot to worry about. __________________ Eat antimatter, Posleen-boy!

11-28-2003, 08:08 PM	#3 (permalink)
Sapper Insane Location: The Internet	Wrong on both counts. Windows machines (and anything using the SMB protocol) will send out probes looking for any other SMB machines to add to the current network list. Typically the LM Master machine will send the probes - but in an "unmanaged SMB" network, this "Master" status will change and so differing machines will send out the "explorarion" packets. Don't worry about it. Just means that the other machine is/was the "master" machine and was checking for new computers on the "Microsoft File Sharing" network. __________________ rm -f /bin/laden

11-29-2003, 06:29 AM	#4 (permalink)
hk- Upright	I would disable netbios sharing anyway, its one of the more insecure protocols. Using scripts like NetBrute you can gain access to the c drive (c$ share) specially if you leave the ipc$ share up and leave guest access enabled. I share things with my housemates here, but only over sftp. __________________ [ hk ] [ hk.hamlesh.com ]