+- MacResource (https://forums.macresource.com)
+-- Forum: My Category (https://forums.macresource.com/forumdisplay.php?fid=1)
+--- Forum: Tips and Deals (https://forums.macresource.com/forumdisplay.php?fid=3)
+--- Thread: What is Spoof Attack? (/showthread.php?tid=7771)
What is Spoof Attack? - bbkim - 03-24-2006
I checked the log on my router (Dlink DI-624), and noticed the following entries.
Mar/23/2006 03:05:58 Target IP(192.168.0.255), Target Port(137) Packet Dropped
Mar/23/2006 03:05:58 Spoof IP(192.168.0.106), Spoof Port(137)
Mar/23/2006 03:05:58 Spoof Attack fromd MAC(00-80-45-2b-ab-2a) Detect,
The log lists the last event on the top.
This entry was repeated numerous times over 2 hour period (from 2AM to 4AM). Does anyone know what this means? It does not sound good, and has any harm done to my network? Do I need to do anything to safe my network? I am little scared.
Thank you.
Re: What is Spoof Attack? - Seacrest - 03-24-2006
Port 137 is for Windows Networking.
The script kiddies are just scanning IPs, looking for vulnerable Windows PCs.
A Spoof Attack is http://en.wikipedia.org/wiki/Spoof_attack
Re: What is Spoof Attack? - Monster - 03-24-2006
Port 137 is a NETBIOS port, a common attack point for script kiddies, worms, etc.
See, I get up to get a beer, yell at the kids, scratch my nutsack, then come back to hit post, and now it's just redundant.