My firewall is detecting hacker attacks called netBIOS Browsing, ping attack and cloaking all the time. What does this mean? Is it dangerous? How do I stop this? Can I somehow put the hackers who are doing this behind bars?

Thank you for taking the time to pose your questions. NetBIOS (port 139) and Server Message Block (port 445 - used if port 139 is disabled) are used for file sharing and provide information about your servers and sessions. These ports (along with ICMP/Ping) should be blocked in your border router and firewall, and disabled on servers with valid IP addresses that are accessible from the Internet.
Add a new rule in your router and firewall to drop any packets from the offending IP addresses (or network) scanning your network. Next, do a trace route (tracert) on these IP addresses and notify the ISP where the attacks are originating from -- chances are the ISP may have been hacked and they don't know it.
As for the severity of the attempts, carefully consider the following:
- Review your firewall logs as far back as you can and observe "accepted" connections and follow through.
- Review your server logs for security compromise and enable auditing, if not already done.
- Make a backup of your firewall logs and keep a printed copy available for quick reference.
- Check your firewall settings and make sure it's properly configured (e.g., to prevent anti-spoofing).
- Update your firewall and servers with the latest "tested" service packs and security hotfixes.
- Visit http://www.cybercrime.gov/reporting.htm to learn if you are the victim of a computer crime and take the appropriate course of action.
- Define alarms and configure your router, firewall, and servers to notify you immediately.
- Closely monitor your router, firewall, and server logs moving forward.
- Read up on script kiddies.
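The log review described in the answer above, as an added example that is not part of the original answer: it separates "accepted" inbound NetBIOS/SMB/ICMP traffic from outside (the entries to follow through on) from blocked probes counted per source (candidates for a drop rule and an ISP report). The key=value log format, the internal network range and all sample lines are constructed assumptions; adapt the regex to your firewall's real log format.

```python
import ipaddress
import re
from collections import Counter

WATCHED_PORTS = {139, 445}  # NetBIOS and SMB, the ports named in the answer
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: your own LAN range

# Assumed log layout (constructed for this example, not a real product's format).
LINE_RE = re.compile(
    r"action=(?P<action>\w+) proto=(?P<proto>\w+) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)"
)

# Constructed sample lines using documentation address ranges.
SAMPLE_LOG = """\
2024-01-05T10:00:01 action=drop proto=tcp src=203.0.113.7 dst=198.51.100.10 dport=139
2024-01-05T10:00:02 action=drop proto=tcp src=203.0.113.7 dst=198.51.100.10 dport=445
2024-01-05T10:00:03 action=drop proto=icmp src=203.0.113.7 dst=198.51.100.10 dport=0
2024-01-05T10:02:11 action=accept proto=tcp src=192.0.2.44 dst=198.51.100.10 dport=445
2024-01-05T10:03:40 action=accept proto=tcp src=10.0.0.5 dst=198.51.100.10 dport=445
2024-01-05T10:04:00 action=accept proto=tcp src=192.0.2.44 dst=198.51.100.10 dport=80
"""

def triage(log_text):
    """Return (accepted_lines, dropped_counts) for external NetBIOS/SMB/ICMP traffic."""
    accepted = []        # passed the firewall: investigate these on the target server
    dropped = Counter()  # blocked probes per external source address
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not in the assumed format
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # malformed source address
        if any(src in net for net in INTERNAL_NETS):
            continue  # internal file sharing is expected
        if m["proto"] != "icmp" and int(m["dport"]) not in WATCHED_PORTS:
            continue  # not one of the services the answer says to block
        if m["action"] == "accept":
            accepted.append(line)
        else:
            dropped[str(src)] += 1
    return accepted, dropped

if __name__ == "__main__":
    accepted, dropped = triage(SAMPLE_LOG)
    print("Accepted from outside (follow through):", *accepted, sep="\n  ")
    print("Blocked probes per source:", dict(dropped))
```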
Related Q&A from Luis Medina