New Any of you getting constant IDENT requests ?


I had heard through security newsgroups that these are common & related to a feature of MS windows whereby Win computers try to identify other computers as part of their sharing software.

The below is typical here - and shows approx 1.5 hrs of IDENT reqs to the ISP end of my DSL connection.

Cheers - Doug Marker

New Heck you are lucky...
I get about 300 of those in 1.5 hours... it's terrible. With AT&T Broadband there are LOTS of Windows Computers trying to find out who's on the wire.

Recently I told my script to ignore these *AND* to stop logging them.

[link|mailto:curley95@attbi.com|greg] - Grand-Master Artist in IT
[link|http://www.iwethey.org/ed_curry/|REMEMBER ED CURRY!]   [link|http://pascal.rockford.com:8888/SSK@kQMsmc74S0Tw3KHQiRQmDem0gAIPAgM/edcurry/1//|ED'S GHOST SPEAKS!]
Heimatland Geheime Staatspolizei reminds:
These [link|http://www.whitehouse.gov/pcipb/cyberstrategy-draft.html|Civilian General Orders], please memorize them.
"Questions" will be asked at safety checkpoints.
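Added example, not part of the thread or anyone's script: before silencing a noisy rule it helps to see what the blocked traffic actually is. This summarises router filter-log lines of the form `date time Filter src --> dst PROTO Port:N` by protocol and port; the sample lines are constructed with documentation addresses, and the `SERVICES` table and function name are assumptions of the example. UDP 137 is the NetBIOS name service, while ident proper is TCP 113.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines (documentation addresses), newest first.
SAMPLE_LOG = """\
10/Jan/2003 17:18:58 Filter 203.0.113.87 --> 192.0.2.207 UDP Port:137
10/Jan/2003 17:14:47 Filter 198.51.100.3 --> 192.0.2.207 UDP Port:137
10/Jan/2003 17:02:41 Filter 203.0.113.87 --> 192.0.2.207 UDP Port:137
10/Jan/2003 16:44:12 Filter 198.51.100.68 --> 192.0.2.207 TCP Port:113
10/Jan/2003 15:56:01 Filter 203.0.113.16 --> 192.0.2.207 UDP Port:137
this line is damaged and must be counted, not crash the parser
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/[A-Za-z]{3}/\d{4} \d{2}:\d{2}:\d{2}) Filter "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}) --> (?P<dst>\d{1,3}(?:\.\d{1,3}){3}) "
    r"(?P<proto>[A-Z]+) Port:(?P<port>\d+)$"
)

# Well-known services for the destination ports seen in this kind of noise.
SERVICES = {("UDP", 137): "NetBIOS name service", ("TCP", 113): "ident/auth"}

def summarise(log_text):
    """Group blocked packets by (protocol, port); return (summary, unparsed)."""
    groups = defaultdict(lambda: {"hits": 0, "sources": set(), "times": []})
    unparsed = 0
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1          # keep a count so damaged input is visible
            continue
        g = groups[(m["proto"], int(m["port"]))]
        g["hits"] += 1
        g["sources"].add(m["src"])
        g["times"].append(datetime.strptime(m["ts"], "%d/%b/%Y %H:%M:%S"))
    summary = {}
    for key, g in groups.items():
        hours = (max(g["times"]) - min(g["times"])).total_seconds() / 3600
        summary[key] = {
            "service": SERVICES.get(key, "unknown"),
            "hits": g["hits"],
            "unique_sources": len(g["sources"]),
            "hits_per_hour": round(g["hits"] / hours, 1) if hours else None,
        }
    return summary, unparsed
```

Many distinct sources each sending a packet or two to one port is background noise that can be dropped without logging; a single source walking many ports is the pattern worth keeping in the log.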
New Hmmm - that is next step - anyone got any good

firewall rules for blocking that and other similar garbage ?

Cheers

Doug
New Completely normal, AFAICS. I get them all the time.
But since my Linux firewall blocks all that stuff, I never see it on the inside.
Edited by n3jja Jan. 10, 2003, 04:26:29 PM EST
New Re: Any of you getting constant IDENT requests ?
Is Windows your router? Then get Winroute and vanish.
-drl
New Nup router / firewall is Unix based

Not sure which one as it is built into the Buffalo Air Station Wi-Fi unit.

Doug

(Anyone who would use Windows for a firewall/router obviously would know little about InfoSec <grin> - an absolute no-no in professional InfoSec circles)
New Re: Nup router / firewall is Unix based
Well, does it swallow packets that aren't from friendlies?

-drl
New Re: Nup router / firewall is Unix based

It allows me to enter rules for filtering traffic. I have IDENT requests blocked (but was logging them).

If I try Gibson's Shields-Up & Port Probe he says my computers are in stealth mode.

Zone Alarm Pro on each computer blocks his leak test program.

Re the firewall rules, as far as I can tell I can block specific IP addresses & specific port accessing but I think it would take a lot of research to work out an optimum set of firewall rules re what to let through.

Most web interaction involves accessing port 80 on a remote machine then establishing communications between random ports allocated between the web server & browser. The thing that then gets difficult is deciding what ranges to block.

Cheers

Doug
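Added example, not part of the thread: a stateful filter avoids having to choose port ranges, because it denies all inbound traffic by default and accepts only packets that mirror a flow opened from the inside. The class below is a simplified model of that state table (real connection tracking also follows TCP flags and per-protocol timeouts); the class name, addresses and timeout are assumptions of the example.

```python
class StatefulFilter:
    """Default-deny inbound; allow only replies to flows opened from inside."""

    def __init__(self, idle_timeout=60):
        self.idle_timeout = idle_timeout   # seconds a flow may stay silent
        self.flows = {}                    # (proto, local, remote) -> last seen

    def outbound(self, now, proto, src, dst):
        """A packet leaving the LAN creates or refreshes a flow entry."""
        self.flows[(proto, src, dst)] = now
        return "ACCEPT"

    def inbound(self, now, proto, src, dst):
        """Accept only the mirror image of a live outbound flow."""
        key = (proto, dst, src)            # swap ends to find the outbound flow
        seen = self.flows.get(key)
        if seen is None:
            return "DROP"                  # unsolicited: nobody inside asked
        if now - seen > self.idle_timeout:
            del self.flows[key]
            return "DROP"                  # flow expired
        self.flows[key] = now
        return "ACCEPT"

def demo():
    """Replay five constructed packets; endpoints are (ip, port) tuples."""
    fw = StatefulFilter(idle_timeout=60)
    me = ("192.0.2.207", 49152)            # browser's ephemeral source port
    web = ("198.51.100.10", 80)
    return [
        fw.outbound(0, "TCP", me, web),                                   # page request
        fw.inbound(1, "TCP", web, me),                                    # server reply
        fw.inbound(2, "UDP", ("203.0.113.87", 137), ("192.0.2.207", 137)),  # NetBIOS probe
        fw.inbound(3, "TCP", ("203.0.113.87", 80), me),                   # wrong remote host
        fw.inbound(120, "TCP", web, me),                                  # after idle timeout
    ]
```

The only inbound packet accepted is the web server's reply to the port the browser itself chose; the unsolicited UDP 137 probe never matches a flow, so no rule naming port 137 is needed.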
     Any of you getting constant IDENT requests ? - (dmarker) - (7)
         Heck you are lucky... - (folkert) - (1)
             Hmmm - that is next step - anyone got any good - (dmarker)
         Completely normal, AFAICS. I get them all the time. - (n3jja)
         Re: Any of you getting constant IDENT requests ? - (deSitter) - (3)
             Nup router / firewall is Unix based - (dmarker) - (2)
                 Re: Nup router / firewall is Unix based - (deSitter) - (1)
                     Re: Nup router / firewall is Unix based - (dmarker)