I keep getting repeated attempts of people trying to connect to my server to port 119(nntp) and 137(netbios)
this is how it goes:
a single ip tries to connect to those 2 ports over and over and over. immediatly, my server picks it up as a threat and blocks them. this goes on for about 30 mins then stops. now a new ip starts doing the exact same thing. for 30 mins or so then a new one etc etc.
i dont nave nntp or netbios service running ever as im running a linux server rather windows
i just found it odd that there would be computers trying to connect to those 2 ports and only from 1 ip at a time. never 2 ips in the same time period trying to connect.
what could it be? maybe some dumb kid thinking hes cool thinks hes taking out a server trying to use windows exploits on a linux server? i dunno. was just curious to see if someone else knew something i didnt. thanks
Block it and forget it. Sounds like a virus or random scans.
I see wierd things on occasion. I have several addresses in Austria blocked because they keep attempting to send domain updates to my nameserver for one of the domains I host. My nameserver properly denies the updates, but I got sick of seeing them in my logs.