dropped packets?

[elgato1906]

The last few day's I have been noticing some dropped packets at my firewall. When I ran tracert I tracked the addresses to the same ISP the IPs were only slightly different. All the packets that have been dropped were TCP packets destined for port 139 which is a NetBios port. should I be concerned that these were possible attempts to hack into my companies network or is it normal. This is the first time I have run a firewall so I can’t tell if this is normal or not. Any help would be greatly appreciated.

Thank You

 

[ackka]

Probably someone trying to scan for shared Drives on your windows 9x or 2000,NT machines. A program that does this is nbtscan or Legion which can be found at home.cyberarmy.com/tcu As long as your firewall is set up correctely you should be okay... Usually scans like this are just initial signs of a attacks but i would make sure to record ip addresses - incase

later

ackka
ackka@mad.scientist.com

http://home.cyberarmy.com/ackka

Java is the Future

 

[DarkShad]

In order to connect to TCP, a hacker must be able to see the responses. This is because the server will send the hacker its "Initial Sequence Number (ISN)", which must used in all of the subsequent packets sent to the server. Therefore, blind IP spoofing will not work with TCP, in theory.
The problem is that many machines use predictable ISNs. Therefore, a hacker can connect to the machine, find the current ISN, then predict what the ISN will likely be in the subsequent connection.

For example, some systems simply add 64k to the ISN of a previous connection, so a hacker can connect once, then add 64k to the spoofed connection.
I hope that this link might help you:

http://www.microsoft.com/TechNet/security/bulletin/ms99-046.asp

Thanx darkshad@icok.net