Port 138

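Ports 137 and 138 are both UDP ports; they come into play when hosts on a LAN transfer file information to one another. The main function of port 138 is to provide computer-name browsing in a NetBIOS environment.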

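If an unauthorized intruder sends a connection request to port 138 on a target host, they can easily obtain the name of the LAN the host belongs to as well as the host's computer name. Once the computer name is known, the corresponding IP address is just as easy to obtain.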
 
The firewall captured the following:
 TTL=64 ID=10365 PROTO=UDP SPT=138 DPT=138 LEN=182
Nov  1 21:21:52 llpwfirewall kernel: llog IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:21:70:83:97:69:08:00 SRC=172.20.1.198 DST=172.20.1.255 LEN=202 TOS=0x00 PREC=0x00 TTL=64 ID=10370 PROTO=UDP SPT=138 DPT=138 LEN=182
Nov  1 21:27:55 llpwfirewall kernel: llog IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:cd:ae:ba:90:08:00 SRC=172.20.1.73 DST=255.255.255.255 LEN=67 TOS=0x00 PREC=0x00 TTL=128 ID=13859 PROTO=UDP SPT=1004 DPT=1004 LEN=47
Nov  1 21:28:19 llpwfirewall kernel: llog IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1f:d0:c6:bc:89:08:00 SRC=172.20.1.162 DST=172.20.1.255 LEN=229 TOS=0x00 PREC=0x00 TTL=64 ID=27707 PROTO=UDP SPT=138 DPT=138 LEN=209
Nov  1 21:29:50 llpwfirewall kernel: llog IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1f:d0:c6:bc:89:08:00 SRC=172.20.1.162 DST=172.20.1.255 LEN=238 TOS=0x00 PREC=0x00 TTL=64 ID=30689 PROTO=UDP SPT=138 DPT=138 LEN=218
Nov  1 21:31:27 llpwfirewall kernel: llog IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:21:70:83:97:69:08:00 SRC=172.20.1.198 DST=172.20.1.255 LEN=229 TOS=0x00 PREC=0x00 TTL=64 ID=11655 PROTO=UDP SPT=138 DPT=138 LEN=209
Nov  1 21:31:27 llpwfirewall kernel: llog IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:21:70:83:97:69:08:00 SRC=172.20.1.51 DST=172.20.1.255 LEN=229 TOS=0x00 PREC=0x00 TTL=64 ID=11656 PROTO=UDP SPT=138 DPT=138 LEN=209
Nov  1 21:40:21 llpwfirewall kernel: llog IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1f:d0:c6:bc:89:08:00 SRC=172.20.1.162 DST=172.20.1.255 LEN=229 TOS=0x00 PREC=0x00 TTL=64 ID=49320 PROTO=UDP SPT=138 DPT=138 LEN=209
Nov  1 21:42:26 llpwfirewall kernel: llog IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:cd:ae:ba:90:08:00 SRC=172.20.1.73 DST=255.255.255.255 LEN=67 TOS=0x00 PREC=0x00 TTL=128 ID=1386 PROTO=UDP SPT=1004 DPT=1004 LEN=47
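To audit a capture like the one above, the following added example (not part of the original page) parses iptables LOG lines, lists which source MAC addresses broadcast to UDP port 138, and flags any MAC that appears with more than one source IP, as happens at 21:31:27 in the capture. The sample lines, the host name `fw`, and the function names are constructed for illustration; the `MAC=` field is split as destination MAC, source MAC, then EtherType.

```python
import re
from collections import defaultdict

# Constructed sample lines in the same iptables LOG layout as the capture above
# (documentation-range IP and MAC addresses, hypothetical host name "fw").
SAMPLE_LOG = """\
Nov  1 21:31:27 fw kernel: llog IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:00:5e:00:53:01:08:00 SRC=192.0.2.198 DST=192.0.2.255 LEN=229 TOS=0x00 PREC=0x00 TTL=64 ID=11655 PROTO=UDP SPT=138 DPT=138 LEN=209
Nov  1 21:31:27 fw kernel: llog IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:00:5e:00:53:01:08:00 SRC=192.0.2.51 DST=192.0.2.255 LEN=229 TOS=0x00 PREC=0x00 TTL=64 ID=11656 PROTO=UDP SPT=138 DPT=138 LEN=209
Nov  1 21:40:21 fw kernel: llog IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:00:5e:00:53:02:08:00 SRC=192.0.2.162 DST=192.0.2.255 LEN=229 TOS=0x00 PREC=0x00 TTL=64 ID=49320 PROTO=UDP SPT=138 DPT=138 LEN=209
Nov  1 21:42:26 fw kernel: llog IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:00:5e:00:53:03:08:00 SRC=192.0.2.73 DST=255.255.255.255 LEN=67 TOS=0x00 PREC=0x00 TTL=128 ID=1386 PROTO=UDP SPT=1004 DPT=1004 LEN=47
"""

FIELD = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Return the KEY=value fields of one iptables LOG line as a dict."""
    fields = {}
    for key, value in FIELD.findall(line):
        # LEN occurs twice (IP total length, then UDP length); keep the first.
        fields.setdefault(key, value)
    octets = fields.get("MAC", "").split(":")
    if len(octets) == 14:  # 6 bytes dst MAC + 6 bytes src MAC + 2 bytes EtherType
        fields["SRC_MAC"] = ":".join(octets[6:12])
    return fields


def netbios_dgm_senders(log_text):
    """Map source MAC -> sorted source IPs seen sending UDP to port 138."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("PROTO") == "UDP" and f.get("DPT") == "138" and "SRC_MAC" in f:
            seen[f["SRC_MAC"]].add(f.get("SRC", "?"))
    return {mac: sorted(ips) for mac, ips in seen.items()}


def multi_ip_macs(senders):
    """Return only the MACs that used more than one source IP."""
    return {mac: ips for mac, ips in senders.items() if len(ips) > 1}


if __name__ == "__main__":
    for mac, ips in multi_ip_macs(netbios_dgm_senders(SAMPLE_LOG)).items():
        print(f"{mac} sent NetBIOS datagrams from {', '.join(ips)}")
```

A MAC with several source IPs can simply be a multi-homed or re-addressed host, so treat a hit as a prompt to check the machine rather than as proof of spoofing.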